Us Congress 2025-2026 Regular Session

Us Congress House Bill HB2612 Compare Versions

Only one version of the bill is available at this time.

Old	New	Differences
1	1	I
2	2	119THCONGRESS
3	3	1
4	4	STSESSION H. R. 2612
5	5	To establish a centralized system to allow individuals to request the simulta-
6	6	neous deletion of their personal information across all data brokers,
7	7	and for other purposes.
8	8	IN THE HOUSE OF REPRESENTATIVES
9	9	APRIL2, 2025
10	10	Mrs. T
11	11	RAHANintroduced the following bill; which was referred to the
12	12	Committee on Energy and Commerce
13	13	A BILL
14	14	To establish a centralized system to allow individuals to
15	15	request the simultaneous deletion of their personal infor-
16	16	mation across all data brokers, and for other purposes.
17	17	Be it enacted by the Senate and House of Representa-1
18	18	tives of the United States of America in Congress assembled, 2
19	19	SECTION 1. SHORT TITLE. 3
20	20	This Act may be cited as the ‘‘Data Elimination and 4
21	21	Limiting Extensive Tracking and Exchange Act’’ or the 5
22	22	‘‘DELETE Act’’. 6
23	23	SEC. 2. DATA DELETION REQUIREMENTS. 7
24	24	(a) D
25	25	ATABROKERANNUALREGISTRATION.— 8
26	26	(1) I
27	27	N GENERAL.— 9
28	28	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00001 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
29	29	kjohnson on DSK7ZCZBW3PROD with $$_JOB 2
30	30	•HR 2612 IH
31	31	(A) REGULATIONS.—Not later than 1 year 1
32	32	after the date of enactment of this section, the 2
33	33	Commission shall promulgate regulations to re-3
34	34	quire any data broker to— 4
35	35	(i) not later than 18 months after the 5
36	36	date of enactment of this section, and an-6
37	37	nually thereafter, register with the Com-7
38	38	mission; and 8
39	39	(ii) subject to subparagraph (B), pro-9
40	40	vide with such registration certain informa-10
41	41	tion, including— 11
42	42	(I) the name and primary phys-12
43	43	ical, email, and uniform resource loca-13
44	44	tor (URL) addresses of the data 14
45	45	broker; 15
46	46	(II) if the data broker permits an 16
47	47	individual to opt out of the data bro-17
48	48	ker’s collection or use of personal in-18
49	49	formation, certain sales of such infor-19
50	50	mation, or its databases— 20
51	51	(aa) the method for request-21
52	52	ing an opt-out; 22
53	53	(bb) any limitations on the 23
54	54	type of data collection, uses, or 24
55	55	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00002 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
56	56	kjohnson on DSK7ZCZBW3PROD with $$_JOB 3
57	57	•HR 2612 IH
58	58	sales for which an individual may 1
59	59	opt-out; and 2
60	60	(cc) whether the data broker 3
61	61	permits an individual to author-4
62	62	ize a third party to perform the 5
63	63	opt-out on the individual’s behalf; 6
64	64	(III) a response to a standard-7
65	65	ized form (as issued by the Commis-8
66	66	sion) specifying the types of informa-9
67	67	tion the data broker collects or ob-10
68	68	tains and the sources from which the 11
69	69	data broker obtains data; 12
70	70	(IV) a statement as to whether 13
71	71	the data broker implements a 14
72	72	credentialing process and, if so, a de-15
73	73	scription of that process; 16
74	74	(V) any additional information or 17
75	75	explanation the data broker chooses to 18
76	76	provide concerning its data collection 19
77	77	practices; and 20
78	78	(VI) any other information deter-21
79	79	mined appropriate by the Commission. 22
80	80	(B) C
81	81	ONSTRUCTION.—Nothing in this 23
82	82	paragraph shall be construed as requiring a 24
83	83	data broker to disclose any information that is 25
84	84	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00003 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
85	85	kjohnson on DSK7ZCZBW3PROD with $$_JOB 4
86	86	•HR 2612 IH
87	87	a trade secret or other kind of confidential in-1
88	88	formation described in section 552(b)(4) of title 2
89	89	5, United States Code. 3
90	90	(2) P
91	91	UBLIC AVAILABILITY.— 4
92	92	(A) I
93	93	N GENERAL.—The Commission shall 5
94	94	make the information provided pursuant to 6
95	95	paragraph (1)(A)(ii) publicly available in a 7
96	96	downloadable and machine-readable format, ex-8
97	97	cept in the event that the Commission— 9
98	98	(i) determines that the risk of making 10
99	99	such information available is not in the in-11
100	100	terest of public safety or welfare; and 12
101	101	(ii) provides a justification for such 13
102	102	determination. 14
103	103	(B) D
104	104	ISCLAIMER.—The Commission shall 15
105	105	include on the website of the Commission a dis-16
106	106	claimer that— 17
107	107	(i) the Commission cannot confirm 18
108	108	the accuracy of the information provided 19
109	109	pursuant to paragraph (1)(A)(ii); and 20
110	110	(ii) individuals may contact a data 21
111	111	broker who provided such information at 22
112	112	their own risk. 23
113	113	(b) C
114	114	ENTRALIZEDDATADELETIONSYSTEM.— 24
115	115	(1) E
116	116	STABLISHMENT.— 25
117	117	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00004 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
118	118	kjohnson on DSK7ZCZBW3PROD with $$_JOB 5
119	119	•HR 2612 IH
120	120	(A) IN GENERAL.—Not later than 1 year 1
121	121	after the date of enactment of this section, the 2
122	122	Commission shall promulgate regulations to es-3
123	123	tablish a centralized system that— 4
124	124	(i) implements and maintains reason-5
125	125	able security procedures and practices (in-6
126	126	cluding administrative, physical, and tech-7
127	127	nical safeguards) appropriate to the nature 8
128	128	of the information and the purposes for 9
129	129	which the personal information will be 10
130	130	used, to protect individuals’ personal infor-11
131	131	mation from unauthorized use, disclosure, 12
132	132	access, destruction, or modification; 13
133	133	(ii) allows an individual, through a 14
134	134	single submission, to request that every 15
135	135	data broker who is registered under sub-16
136	136	section (a) and who maintains any per-17
137	137	sistent identifiers (as described in subpara-18
138	138	graph (B)(iii))— 19
139	139	(I) delete any personal informa-20
140	140	tion related to such individual held by 21
141	141	such data broker or affiliated legal en-22
142	142	tity of the data broker; and 23
143	143	(II) unless otherwise specified by 24
144	144	the individual, discontinue any present 25
145	145	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00005 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
146	146	kjohnson on DSK7ZCZBW3PROD with $$_JOB 6
147	147	•HR 2612 IH
148	148	or future collection of personal infor-1
149	149	mation related to such individual; and 2
150	150	(iii) allows a registered data broker, 3
151	151	prior to the collection of any personal in-4
152	152	formation that is tied to a persistent iden-5
153	153	tifier for which a registry exists, to submit 6
154	154	a query to the centralized system to con-7
155	155	firm that the persistent identifier is not 8
156	156	subject to a deletion request described in 9
157	157	clause (ii). 10
158	158	(B) R
159	159	EQUIREMENTS.—The centralized sys-11
160	160	tem established in subparagraph (A) shall meet 12
161	161	the following requirements: 13
162	162	(i) The centralized system shall allow 14
163	163	an individual to request the deletion of all 15
164	164	personal information related to such indi-16
165	165	vidual and the discontinuation of any col-17
166	166	lection of such personal information related 18
167	167	to such individual through a single deletion 19
168	168	request. 20
169	169	(ii) The centralized system shall pro-21
170	170	vide a standardized form to allow an indi-22
171	171	vidual to make such request. 23
172	172	(iii) Such standardized form shall in-24
173	173	clude the individual’s email, phone number, 25
174	174	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00006 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
175	175	kjohnson on DSK7ZCZBW3PROD with $$_JOB 7
176	176	•HR 2612 IH
177	177	physical address, and any other persistent 1
178	178	identifier determined by the Commission to 2
179	179	aid in the deletion request. 3
180	180	(iv) The centralized system shall auto-4
181	181	matically salt and hash all submitted infor-5
182	182	mation and allow the Commission to main-6
183	183	tain independent hashed registries of each 7
184	184	type of information obtained through such 8
185	185	form. 9
186	186	(v) The centralized system shall only 10
187	187	permit data brokers who are registered 11
188	188	with the Commission to submit hashed 12
189	189	queries to the independent hashed reg-13
190	190	istries described in clause (iv). 14
191	191	(vi) With respect to the independent 15
192	192	hashed registries described in clause (iv), 16
193	193	the salt shall be different for each such 17
194	194	registry and shall be made available to all 18
195	195	registered data brokers for the purposes of 19
196	196	submitting hashed queries, as described in 20
197	197	clause (v). 21
198	198	(vii) The centralized system shall 22
199	199	allow an individual to make such request 23
200	200	using an internet website operated by the 24
201	201	Commission. 25
202	202	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00007 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
203	203	kjohnson on DSK7ZCZBW3PROD with $$_JOB 8
204	204	•HR 2612 IH
205	205	(viii) The centralized system shall not 1
206	206	charge the individual to make such re-2
207	207	quest. 3
208	208	(C) T
209	209	RANSITION.— 4
210	210	(i) I
211	211	N GENERAL.—Not later than 8 5
212	212	months after the effective date of the regu-6
213	213	lations promulgated under subparagraph 7
214	214	(A), each data broker shall— 8
215	215	(I) not less than once every 31 9
216	216	days, access the hashed registries 10
217	217	maintained by the Commission as de-11
218	218	scribed in subparagraph (B)(iv); and 12
219	219	(II) process any deletion request 13
220	220	associated with a match between such 14
221	221	hashed registries and the records of 15
222	222	the data broker. 16
223	223	(ii) FTC
224	224	GUIDANCE.—Not later than 17
225	225	6 months after the effective date of the 18
226	226	regulations promulgated under subpara-19
227	227	graph (A), the Commission shall publish 20
228	228	guidance on the process and standards to 21
229	229	which a data broker must adhere in car-22
230	230	rying out clause (i). 23
231	231	(2) D
232	232	ELETION.— 24
233	233	(A) I
234	234	NFORMATION DELETION .— 25
235	235	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00008 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
236	236	kjohnson on DSK7ZCZBW3PROD with $$_JOB 9
237	237	•HR 2612 IH
238	238	(i) IN GENERAL.—Subject to clause 1
239	239	(ii), not later than 31 days after accessing 2
240	240	the hashed registries described in para-3
241	241	graph (1)(B)(iv), a data broker and any 4
242	242	associated legal entity shall delete all per-5
243	243	sonal information in its possession related 6
244	244	to the individual making the request and 7
245	245	discontinue the collection of personal infor-8
246	246	mation related to such individual. Imme-9
247	247	diately following the deletion, the data 10
248	248	broker shall send an affirmative represen-11
249	249	tation to the Commission with the number 12
250	250	of records deleted pursuant to each match 13
251	251	with a value in the hashed registries. 14
252	252	(ii) E
253	253	XCLUSIONS.—In carrying out 15
254	254	clause (i), a data broker may retain, where 16
255	255	required, the following information: 17
256	256	(I) Any personal information that 18
257	257	is processed or maintained solely as 19
258	258	part of human subjects research con-20
259	259	ducted in compliance with any legal 21
260	260	requirements for the protection of 22
261	261	human subjects. 23
262	262	(II) Any personal information 24
263	263	necessary to comply with a warrant, 25
264	264	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00009 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
265	265	kjohnson on DSK7ZCZBW3PROD with $$_JOB 10
266	266	•HR 2612 IH
267	267	subpoena, court order, rule, or other 1
268	268	applicable law. 2
269	269	(III) Any information necessary 3
270	270	for an activity described in subsection 4
271	271	(f)(3)(B), provided that the retained 5
272	272	information is used solely for any 6
273	273	such activity. 7
274	274	(iii) U
275	275	SE OF INFORMATION.—Any per-8
276	276	sonal information excluded under clause 9
277	277	(ii) may only be used for the purpose de-10
278	278	scribed in the applicable subclause of 11
279	279	clause (ii), and may not be used for any 12
280	280	other purpose, including marketing pur-13
281	281	poses. 14
282	282	(B) A
283	283	NNUAL REPORT.—Each data broker 15
284	284	registered under subsection (a) shall submit to 16
285	285	the Commission, on an annual basis, a report 17
286	286	on the completion rate with respect to the com-18
287	287	pletion of deletion requests under subparagraph 19
288	288	(A). 20
289	289	(C) A
290	290	UDIT.— 21
291	291	(i) I
292	292	N GENERAL.—Not later than 3 22
293	293	years after the date of enactment of this 23
294	294	section, and every 3 years thereafter, each 24
295	295	data broker registered under subsection (a) 25
296	296	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00010 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
297	297	kjohnson on DSK7ZCZBW3PROD with $$_JOB 11
298	298	•HR 2612 IH
299	299	shall undergo an independent third party 1
300	300	audit to determine compliance with this 2
301	301	subsection. 3
302	302	(ii) A
303	303	UDIT REPORT.—Not later than 6 4
304	304	months after the completion of any audit 5
305	305	under clause (i), each such data broker 6
306	306	shall submit to the Commission any report 7
307	307	produced as a result of the audit, along 8
308	308	with any related materials. 9
309	309	(iii) M
310	310	AINTAIN RECORDS.—Each such 10
311	311	data broker shall maintain the materials 11
312	312	described in clause (ii) for a period of not 12
313	313	less than 6 years. 13
314	314	(3) A
315	315	NNUAL FEE.— 14
316	316	(A) I
317	317	N GENERAL.—Subject to subpara-15
318	318	graph (B), each data broker registered under 16
319	319	subsection (a) and who maintains any per-17
320	320	sistent identifiers (as described in paragraph 18
321	321	(1)(B)(iii)) shall pay to the Commission, on an 19
322	322	annual basis, a subscription fee determined by 20
323	323	the Commission to access the database. 21
324	324	(B) L
325	325	IMIT.—The amount of the subscrip-22
326	326	tion fee under subparagraph (A) may not ex-23
327	327	ceed 1 percent of the expected annual cost of 24
328	328	operating the centralized system and hashed 25
329	329	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00011 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
330	330	kjohnson on DSK7ZCZBW3PROD with $$_JOB 12
331	331	•HR 2612 IH
332	332	registries described in paragraph (1), as deter-1
333	333	mined by the Commission. 2
334	334	(C) A
335	335	VAILABILITY.—Any amounts col-3
336	336	lected by the Commission pursuant to this 4
337	337	paragraph shall be available without further ap-5
338	338	propriation to the Commission for the exclusive 6
339	339	purpose of enforcing and administering this sec-7
340	340	tion, including the implementation and mainte-8
341	341	nance of such centralized system and hashed 9
342	342	registries and the promotion of public aware-10
343	343	ness of the centralized system. 11
344	344	(c) E
345	345	NFORCEMENT BY THE COMMISSION.— 12
346	346	(1) U
347	347	NFAIR OR DECEPTIVE ACTS OR PRAC -13
348	348	TICES.—A violation of subsection (a) or (b) or a reg-14
349	349	ulation promulgated under this section shall be 15
350	350	treated as a violation of a rule defining an unfair or 16
351	351	deceptive act or practice under section 18(a)(1)(B) 17
352	352	of the Federal Trade Commission Act (15 U.S.C. 18
353	353	57a(a)(1)(B)). 19
354	354	(2) P
355	355	OWERS OF THE COMMISSION .— 20
356	356	(A) I
357	357	N GENERAL.—The Commission shall 21
358	358	enforce this section in the same manner, by the 22
359	359	same means, and with the same jurisdiction, 23
360	360	powers, and duties as though all applicable 24
361	361	terms and provisions of the Federal Trade 25
362	362	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00012 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
363	363	kjohnson on DSK7ZCZBW3PROD with $$_JOB 13
364	364	•HR 2612 IH
365	365	Commission Act (15 U.S.C. 41 et seq.) were in-1
366	366	corporated into and made a part of this section. 2
367	367	(B) P
368	368	RIVILEGES AND IMMUNITIES .—Any 3
369	369	person who violates subsection (a) or (b) or a 4
370	370	regulation promulgated under this section shall 5
371	371	be subject to the penalties and entitled to the 6
372	372	privileges and immunities provided in the Fed-7
373	373	eral Trade Commission Act (15 U.S.C. 41 et 8
374	374	seq.). 9
375	375	(C) A
376	376	UTHORITY PRESERVED .—Nothing in 10
377	377	this section shall be construed to limit the au-11
378	378	thority of the Commission under any other pro-12
379	379	vision of law. 13
380	380	(D) R
381	381	ULEMAKING.—The Commission shall 14
382	382	promulgate in accordance with section 553 of 15
383	383	title 5, United States Code, such rules as may 16
384	384	be necessary to carry out this section. 17
385	385	(d) S
386	386	TUDY ANDREPORT.— 18
387	387	(1) S
388	388	TUDY.—The Commission shall conduct a 19
389	389	study on the implementation and enforcement of this 20
390	390	section. Such study shall include— 21
391	391	(A) an analysis of the effectiveness of the 22
392	392	centralized system established in subsection 23
393	393	(b)(1)(A); 24
394	394	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00013 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
395	395	kjohnson on DSK7ZCZBW3PROD with $$_JOB 14
396	396	•HR 2612 IH
397	397	(B) the number deletion requests sub-1
398	398	mitted annually using such centralized system; 2
399	399	(C) an analysis of the progress of coordi-3
400	400	nating the operation and enforcement of such 4
401	401	requests with similar systems established and 5
402	402	maintained by the various States; and 6
403	403	(D) any other area determined appropriate 7
404	404	by the Commission. 8
405	405	(2) R
406	406	EPORT.—Not later than 3 years after the 9
407	407	date of enactment of this section, and annually 10
408	408	thereafter for each of the next 4 years, the Commis-11
409	409	sion shall submit to the Committee on Commerce, 12
410	410	Science, and Transportation of the Senate and the 13
411	411	Committee on Energy and Commerce of the House 14
412	412	of Representatives a report containing— 15
413	413	(A) the results of the study conducted pur-16
414	414	suant to paragraph (1); 17
415	415	(B) a summary of any enforcement actions 18
416	416	taken pursuant to this Act; and 19
417	417	(C) recommendations for any legislation 20
418	418	and administrative action as the Commission 21
419	419	determines appropriate. 22
420	420	(e) P
421	421	REEMPTION.— 23
422	422	(1) I
423	423	N GENERAL.—The provisions of this Act 24
424	424	shall preempt any State privacy law only to the ex-25
425	425	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00014 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
426	426	kjohnson on DSK7ZCZBW3PROD with $$_JOB 15
427	427	•HR 2612 IH
428	428	tent that such State law is inconsistent with the pro-1
429	429	visions of this Act. 2
430	430	(2) G
431	431	REATER PROTECTION UNDER STATE 3
432	432	LAW.—For purposes of paragraph (1), a State pri-4
433	433	vacy law is not inconsistent with the provisions of 5
434	434	this Act if the protection such law affords any per-6
435	435	son is greater than the protection provided under 7
436	436	this Act, as determined by the Commission. 8
437	437	(f) D
438	438	EFINITIONS.—In this section: 9
439	439	(1) C
440	440	OMMISSION.—The term ‘‘Commission’’ 10
441	441	means the Federal Trade Commission. 11
442	442	(2) C
443	443	REDENTIALING PROCESS .—The term 12
444	444	‘‘credentialing process’’ means the practice of taking 13
445	445	reasonable steps to confirm— 14
446	446	(A) the identity of the entity with whom 15
447	447	the data broker has a direct relationship; 16
448	448	(B) that any data disclosed to the entity 17
449	449	by such data broker will be used for the de-18
450	450	scribed purpose of such disclosure; and 19
451	451	(C) that such data will not be used for un-20
452	452	lawful purposes. 21
453	453	(3) D
454	454	ATA BROKER.— 22
455	455	(A) I
456	456	N GENERAL .—The term ‘‘data 23
457	457	broker’’ means an entity that knowingly collects 24
458	458	or obtains the personal information of an indi-25
459	459	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00015 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
460	460	kjohnson on DSK7ZCZBW3PROD with $$_JOB 16
461	461	•HR 2612 IH
462	462	vidual with whom the entity does not have a di-1
463	463	rect relationship and then— 2
464	464	(i) uses the personal information to 3
465	465	perform a service for a third party; or 4
466	466	(ii) sells, licenses, trades, provides for 5
467	467	consideration, or is otherwise compensated 6
468	468	for disclosing personal information to a 7
469	469	third party. 8
470	470	(B) E
471	471	XCLUSION.—The term ‘‘data broker’’ 9
472	472	does not include an entity who solely uses, sells, 10
473	473	licenses, trades, provides for consideration, or is 11
474	474	otherwise compensated for disclosing personal 12
475	475	information for 1 or more of the following ac-13
476	476	tivities: 14
477	477	(i) Providing 411 directory assistance 15
478	478	or directory information services, including 16
479	479	name, address, and telephone number, on 17
480	480	behalf of or as a function of a tele-18
481	481	communications carrier. 19
482	482	(ii) Providing an individual’s publicly 20
483	483	available information if the information is 21
484	484	being used by the recipient as it relates to 22
485	485	that individual’s business or profession. 23
486	486	(iii) Providing personal information to 24
487	487	a third party at the express direction of 25
488	488	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00016 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
489	489	kjohnson on DSK7ZCZBW3PROD with $$_JOB 17
490	490	•HR 2612 IH
491	491	the individual for a clearly disclosed single- 1
492	492	use purpose. 2
493	493	(iv) Providing or using personal infor-3
494	494	mation for assessing, verifying, or authen-4
495	495	ticating an individual’s identity, or for in-5
496	496	vestigating or preventing actual or poten-6
497	497	tial fraud. 7
498	498	(v) Gathering, preparing, collecting, 8
499	499	photographing, recording, writing, editing, 9
500	500	reporting, or publishing news or informa-10
501	501	tion that concerns local, national, or inter-11
502	502	national events or other matters of public 12
503	503	interest (as determined by the Commis-13
504	504	sion) for dissemination to the public. 14
505	505	(vi) Acting as a consumer reporting 15
506	506	agency (as defined in section 603(f) of the 16
507	507	Fair Credit Reporting Act (15 U.S.C. 17
508	508	1681a(f))). 18
509	509	(C) E
510	510	XCLUSION FROM SALE.— 19
511	511	(i) I
512	512	N GENERAL.—For purposes of 20
513	513	this paragraph, the term ‘‘sells’’ does not 21
514	514	include a one-time or occasional sale of as-22
515	515	sets of an entity as part of a transfer of 23
516	516	control of those assets that is not part of 24
517	517	the ordinary conduct of the entity. 25
518	518	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00017 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
519	519	kjohnson on DSK7ZCZBW3PROD with $$_JOB 18
520	520	•HR 2612 IH
521	521	(ii) NOTICE REQUIRED.—To meet the 1
522	522	exclusion criteria described in clause (i), an 2
523	523	entity must provide notice to the Commis-3
524	524	sion, in the manner determined appro-4
525	525	priate by the Commission, of any such one- 5
526	526	time or occasional sale of assets. 6
527	527	(4) D
528	528	ELETE.—The term ‘‘delete’’ means to re-7
529	529	move or destroy information such that the informa-8
530	530	tion is not maintained in human- or machine-read-9
531	531	able form and cannot be retrieved or utilized in such 10
532	532	form in the normal course of business. 11
533	533	(5) D
534	534	IRECT RELATIONSHIP.— 12
535	535	(A) I
536	536	N GENERAL.—The term ‘‘direct rela-13
537	537	tionship’’ means a relationship between an indi-14
538	538	vidual and an entity where the individual— 15
539	539	(i) is a current customer; 16
540	540	(ii) has obtained a good or service 17
541	541	from the entity within the prior 18 18
542	542	months; or 19
543	543	(iii) has made an inquiry about the 20
544	544	products or services of the entity within 21
545	545	the prior 90 days. 22
546	546	(B) E
547	547	XCLUSION.—The term ‘‘direct rela-23
548	548	tionship’’ does not include a relationship— 24
549	549	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00018 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
550	550	kjohnson on DSK7ZCZBW3PROD with $$_JOB 19
551	551	•HR 2612 IH
552	552	(i) between an individual and a data 1
553	553	broker where the individual’s only connec-2
554	554	tion to the data broker is based on the in-3
555	555	dividual’s request— 4
556	556	(I) for the data broker to delete 5
557	557	the personal information of the indi-6
558	558	vidual; or 7
559	559	(II) to opt-out of the data bro-8
560	560	ker’s collection or use of personal in-9
561	561	formation, certain sales of such infor-10
562	562	mation, or its databases; or 11
563	563	(ii) required under any State or Fed-12
564	564	eral law related to the use of personal in-13
565	565	formation. 14
566	566	(6) H
567	567	ASH.—The term ‘‘hash’’ means to input 15
568	568	data to a cryptographic, one-way, collision resistant 16
569	569	function that maps a bit string of arbitrary length 17
570	570	to a fixed-length bit string to produce a cryp-18
571	571	tographically secure value. 19
572	572	(7) H
573	573	ASHED.—The term ‘‘hashed’’ means the 20
574	574	type of value produced by hashing data. 21
575	575	(8) H
576	576	UMAN SUBJECTS RESEARCH .—The term 22
577	577	‘‘human subjects research’’ means research that— 23
578	578	(A) an investigator (whether professional 24
579	579	or student) conducts on a living individual; and 25
580	580	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00019 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
581	581	kjohnson on DSK7ZCZBW3PROD with $$_JOB 20
582	582	•HR 2612 IH
583	583	(B) either— 1
584	584	(i) obtains information or biospeci-2
585	585	mens through intervention or interaction 3
586	586	with the individual, and uses, studies, or 4
587	587	analyzes the information or biospecimens; 5
588	588	or 6
589	589	(ii) obtains, uses, studies, analyzes, or 7
590	590	generates personal information or identifi-8
591	591	able biospecimens. 9
592	592	(9) P
593	593	ERSONAL INFORMATION .— 10
594	594	(A) I
595	595	N GENERAL.—The term ‘‘personal in-11
596	596	formation’’ means any information held by a 12
597	597	data broker, regardless of how the information 13
598	598	is collected, inferred, created, or obtained, that 14
599	599	is linked or reasonably linkable by the data 15
600	600	broker to a particular individual or consumer 16
601	601	device, including the following: 17
602	602	(i) Financial information, including 18
603	603	any bank account number, credit card 19
604	604	number, debit card number, or insurance 20
605	605	policy number. 21
606	606	(ii) A name, alias, home or other 22
607	607	physical address, online identifier, Internet 23
608	608	Protocol address, email address, phone 24
609	609	number, account name, State identification 25
610	610	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00020 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
611	611	kjohnson on DSK7ZCZBW3PROD with $$_JOB 21
612	612	•HR 2612 IH
613	613	card number, driver’s license number, 1
614	614	passport number, or an identifying number 2
615	615	on a government-issued identification. 3
616	616	(iii) Geolocation information. 4
617	617	(iv) Biometric information. 5
618	618	(v) The contents of, attachments to, 6
619	619	or parties to information, including with 7
620	620	respect to email, text messages, picture 8
621	621	messages, voicemails, audio conversations, 9
622	622	or video conversations. 10
623	623	(vi) Web browsing history, including 11
624	624	any search query. 12
625	625	(vii) Genetic sequencing information. 13
626	626	(viii) A device identifier, online identi-14
627	627	fier, persistent identifier, or digital 15
628	628	fingerprinting information. 16
629	629	(ix) Any inference drawn from any of 17
630	630	the information described in this para-18
631	631	graph that is used to create a profile about 19
632	632	an individual that reflects such individual’s 20
633	633	preferences, characteristics, psychological 21
634	634	trends, predispositions, behavior, attitudes, 22
635	635	intelligence, abilities, or aptitudes. 23
636	636	(x) Any other information determined 24
637	637	appropriate by the Commission. 25
638	638	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00021 Fmt 6652 Sfmt 6201 E:\BILLS\H2612.IH H2612
639	639	kjohnson on DSK7ZCZBW3PROD with $$_JOB 22
640	640	•HR 2612 IH
641	641	(B) LINKED OR REASONABLY LINKABLE .— 1
642	642	For purposes of subparagraph (A), information 2
643	643	is ‘‘linked or reasonably linkable’’ to a par-3
644	644	ticular individual or consumer device if the in-4
645	645	formation can be used on its own or in com-5
646	646	bination with other information held by or read-6
647	647	ily accessible to a data broker to identify a par-7
648	648	ticular individual or consumer device. 8
649	649	(10) P
650	650	ROCESS.—The term ‘‘process’’ means to 9
651	651	perform or direct the performance of an operation 10
652	652	on personal information, including the collection, 11
653	653	transmission, use, disclosure, analysis, prediction, or 12
654	654	modification of such personal information, whether 13
655	655	or not by automated means. 14
656	656	(11) S
657	657	ALT.—The term ‘‘salt’’ means to add a 15
658	658	random string of data to the input of a hash func-16
659	659	tion. 17
660	660	(12) U
661	661	NIFORM RESOURCE LOCATOR ; URL.—The 18
662	662	term ‘‘uniform resource locator’’ or ‘‘URL’’ means a 19
663	663	short string containing an address that refers to an 20
664	664	object on the web. 21
665	665	Æ
666	666	VerDate Sep 11 2014 01:24 Apr 08, 2025 Jkt 059200 PO 00000 Frm 00022 Fmt 6652 Sfmt 6301 E:\BILLS\H2612.IH H2612
667	667	kjohnson on DSK7ZCZBW3PROD with $$_JOB