Bill Summary – FastDemocracy

      
            88R10880 TYPED
         
		By: Capriglione
            H.B. No. 1844
         
               A BILL TO BE ENTITLED
            
               AN ACT
            
            relating to the regulation of the collection, use, processing, and 
         
            treatment of consumers' personal data by certain business entities; 
         
            imposing a civil penalty.
         
                   BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
         
                   SECTION 1.  Title 11, Business & Commerce Code, is amended by 
         
            adding Subtitle C to read as follows:
         
            SUBTITLE C. CONSUMER DATA PROTECTION
         
            CHAPTER 541. CONSUMER DATA PROTECTION
         
            SUBCHAPTER A. GENERAL PROVISIONS
         
                   Sec. 541.001  SHORT TITLE.  This chapter may be cited as the 
         
            Texas Data Privacy and Security Act.
         
                   Sec. 541.002.  DEFINITIONS.  In this chapter, unless a 
         
            different meaning is required by the context:
         
                         (1)  "Affiliate" means a legal entity that controls, is 
         
            controlled by, or is under common control with another legal entity 
         
            or shares common branding with another legal entity. For purposes 
         
            of this subdivision, "control" or "controlled" means:
         
                               (A)  the ownership of, or power to vote, more than 
         
            50 percent of the outstanding shares of any class of voting security 
         
            of a company;
         
                               (B)  the control in any manner over the election 
         
            of a majority of the directors or of individuals exercising similar 
         
            functions; or
         
                               (C)  the power to exercise controlling influence 
         
            over the management of a company.
         
                         (2)  "Authenticate" means to verify through reasonable 
         
            means that the consumer who is entitled to exercise the consumer's 
         
            rights under Subchapter B is the same consumer exercising those 
         
            consumer rights with respect to the personal data at issue.
         
                         (3)  "Biometric data" "Biometric data" means data 
         
            generated by automatic measurements of an individual's biological 
         
            characteristics, such as fingerprint, voiceprint, eye retina or 
         
            iris, or other unique biological patterns or characteristics, that 
         
            are used to identify a specific individual.  The term does not 
         
            include physical or digital photograph, a video or audio recording, 
         
            or data generated therefrom, or information collected, used, or 
         
            stored for health care treatment, payment, or operations under the 
         
            Health Insurance Portability and Accountability Act of 1996 (42 
         
            U.S.C. Section 1320 et seq.)
         
                         (4)  "Business associate" has the meaning assigned to 
         
            the term by the Health Insurance Portability and Accountability Act 
         
            of 1996 (42 U.S.C. Section 1320d et seq.).
         
                         (5)  "Child" means an individual younger than 13 years 
         
            of age.
         
                         (6)  "Consent," when referring to a consumer, means a 
         
            clear affirmative act signifying a consumer's freely given, 
         
            specific, informed, and unambiguous agreement to process personal 
         
            data relating to the consumer.  The term includes a written 
         
            statement, including a statement written by electronic means, or 
         
            any other unambiguous affirmative action.  "Consent" does not 
         
            include:
         
                               (A)  acceptance of a general or broad terms of use 
         
            or similar document that contains descriptions of personal data 
         
            processing along with other, unrelated information;
         
                               (B)  hovering over, muting, pausing or closing a 
         
            given piece of content; or 
         
                               (C)  agreement obtained through the use of dark 
         
            patterns.
         
                         (7)  "Consumer" means an individual who is a resident 
         
            of this state acting only in an individual or household context. The 
         
            term does not include an individual acting in a commercial or 
         
            employment context.
         
                         (8)  "Controller" means an individual or other person 
         
            that, alone or jointly with others, determines the purpose and 
         
            means of processing personal data.
         
                         (9)  "Covered entity" has the meaning assigned to the 
         
            term by the Health Insurance Portability and Accountability Act of 
         
            1996 (42 U.S.C. Section 1320d et seq.).
         
                         (10)  "Dark pattern" means a user interface designed or 
         
            manipulated with the substantial effect of subverting or impair
Statutes affected: 
Introduced:  ()



	A BILL TO BE ENTITLED
	AN ACT
	relating to the regulation of the collection, use, processing, and
	treatment of consumers' personal data by certain business entities;
	imposing a civil penalty.
	BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
	SECTION 1. Title 11, Business & Commerce Code, is amended by
	adding Subtitle C to read as follows:
	SUBTITLE C. CONSUMER DATA PROTECTION
	CHAPTER 541. CONSUMER DATA PROTECTION
	SUBCHAPTER A. GENERAL PROVISIONS
	Sec. 541.001 SHORT TITLE. This chapter may be cited as the
	Texas Data Privacy and Security Act.
	Sec. 541.002. DEFINITIONS. In this chapter, unless a
	different meaning is required by the context:
	(1) "Affiliate" means a legal entity that controls, is
	controlled by, or is under common control with another legal entity
	or shares common branding with another legal entity. For purposes
	of this subdivision, "control" or "controlled" means:
	(A) the ownership of, or power to vote, more than
	50 percent of the outstanding shares of any class of voting security
	of a company;
	(B) the control in any manner over the election
	of a majority of the directors or of individuals exercising similar
	functions; or
	(C) the power to exercise controlling influence
	over the management of a company.
	(2) "Authenticate" means to verify through reasonable
	means that the consumer who is entitled to exercise the consumer's
	rights under Subchapter B is the same consumer exercising those
	consumer rights with respect to the personal data at issue.
	(3) "Biometric data" "Biometric data" means data
	generated by automatic measurements of an individual's biological
	characteristics, such as fingerprint, voiceprint, eye retina or
	iris, or other unique biological patterns or characteristics, that
	are used to identify a specific individual. The term does not
	include physical or digital photograph, a video or audio recording,
	or data generated therefrom, or information collected, used, or
	stored for health care treatment, payment, or operations under the
	Health Insurance Portability and Accountability Act of 1996 (42
	U.S.C. Section 1320 et seq.)
	(4) "Business associate" has the meaning assigned to
	the term by the Health Insurance Portability and Accountability Act
	of 1996 (42 U.S.C. Section 1320d et seq.).
	(5) "Child" means an individual younger than 13 years
	of age.
	(6) "Consent," when referring to a consumer, means a
	clear affirmative act signifying a consumer's freely given,
	specific, informed, and unambiguous agreement to process personal
	data relating to the consumer. The term includes a written
	statement, including a statement written by electronic means, or
	any other unambiguous affirmative action. "Consent" does not
	include:
	(A) acceptance of a general or broad terms of use
	or similar document that contains descriptions of personal data
	processing along with other, unrelated information;
	(B) hovering over, muting, pausing or closing a
	given piece of content; or
	(C) agreement obtained through the use of dark
	patterns.
	(7) "Consumer" means an individual who is a resident
	of this state acting only in an individual or household context. The
	term does not include an individual acting in a commercial or
	employment context.
	(8) "Controller" means an individual or other person
	that, alone or jointly with others, determines the purpose and
	means of processing personal data.
	(9) "Covered entity" has the meaning assigned to the
	term by the Health Insurance Portability and Accountability Act of
	1996 (42 U.S.C. Section 1320d et seq.).
	(10) "Dark pattern" means a user interface designed or
	manipulated with the substantial effect of subverting or impair Statutes affected: Introduced: ()