Bill Summary – FastDemocracy

      
            H.B. No. 4
         
               AN ACT
            
            relating to the regulation of the collection, use, processing, and 
         
            treatment of consumers' personal data by certain business entities; 
         
            imposing a civil penalty.
         
                   BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
         
                   SECTION 1.  This Act may be cited as the Texas Data Privacy 
         
            and Security Act.
         
                   SECTION 2.  Title 11, Business & Commerce Code, is amended by 
         
            adding Subtitle C to read as follows:
         
            SUBTITLE C. CONSUMER DATA PROTECTION
         
            CHAPTER 541. CONSUMER DATA PROTECTION
         
            SUBCHAPTER A. GENERAL PROVISIONS
         
                   Sec. 541.001.  DEFINITIONS.  In this chapter, unless a 
         
            different meaning is required by the context:
         
                         (1)  "Affiliate" means a legal entity that controls, is 
         
            controlled by, or is under common control with another legal entity 
         
            or shares common branding with another legal entity. For purposes 
         
            of this subdivision, "control" or "controlled" means:
         
                               (A)  the ownership of, or power to vote, more than 
         
            50 percent of the outstanding shares of any class of voting security 
         
            of a company;
         
                               (B)  the control in any manner over the election 
         
            of a majority of the directors or of individuals exercising similar 
         
            functions; or
         
                               (C)  the power to exercise controlling influence 
         
            over the management of a company.
         
                         (2)  "Authenticate" means to verify through reasonable 
         
            means that the consumer who is entitled to exercise the consumer's 
         
            rights under Subchapter B is the same consumer exercising those 
         
            consumer rights with respect to the personal data at issue.
         
                         (3)  "Biometric data" means data generated by automatic 
         
            measurements of an individual's biological characteristics.  The 
         
            term includes a fingerprint, voiceprint, eye retina or iris, or 
         
            other unique biological pattern or characteristic that is used to 
         
            identify a specific individual. The term does not include a 
         
            physical or digital photograph or data generated from a physical or 
         
            digital photograph, a video or audio recording or data generated 
         
            from a video or audio recording, or information collected, used, or 
         
            stored for health care treatment, payment, or operations under the 
         
            Health Insurance Portability and Accountability Act of 1996 (42 
         
            U.S.C. Section 1320d et seq.).
         
                         (4)  "Business associate" has the meaning assigned to 
         
            the term by the Health Insurance Portability and Accountability Act 
         
            of 1996 (42 U.S.C. Section 1320d et seq.).
         
                         (5)  "Child" means an individual younger than 13 years 
         
            of age.
         
                         (6)  "Consent," when referring to a consumer, means a 
         
            clear affirmative act signifying a consumer's freely given, 
         
            specific, informed, and unambiguous agreement to process personal 
         
            data relating to the consumer. The term includes a written 
         
            statement, including a statement written by electronic means, or 
         
            any other unambiguous affirmative action.  The term does not 
         
            include:
         
                               (A)  acceptance of a general or broad terms of use 
         
            or similar document that contains descriptions of personal data 
         
            processing along with other, unrelated information;
         
                               (B)  hovering over, muting, pausing, or closing a 
         
            given piece of content; or
         
                               (C)  agreement obtained through the use of dark 
         
            patterns.
         
                         (7)  "Consumer" means an individual who is a resident 
         
            of this state acting only in an individual or household context. The 
         
            term does not include an individual acting in a commercial or 
         
            employment context.
         
                         (8)  "Controller" means an individual or other person 
         
            that, alone or jointly with others, determines the purpose and 
         
            means of processing personal data.
         
                         (9)  "Covered entity" has the meaning assigned to the 
         
            term by the Health Insurance Portability and Accountability Act of 
         
            1996 (42 U.S.C. Section 1320d et seq.).
         
                         (10)  "Dark pattern" means a user interface designed or 
         
            manipulated with the effect of substantially subverting or 
         
Statutes affected: 
Introduced:  ()
House Committee Report:  ()
Engrossed:  ()
Senate Committee Report:  ()
Enrolled:  ()




	AN ACT
	relating to the regulation of the collection, use, processing, and
	treatment of consumers' personal data by certain business entities;
	imposing a civil penalty.
	BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
	SECTION 1. This Act may be cited as the Texas Data Privacy
	and Security Act.
	SECTION 2. Title 11, Business & Commerce Code, is amended by
	adding Subtitle C to read as follows:
	SUBTITLE C. CONSUMER DATA PROTECTION
	CHAPTER 541. CONSUMER DATA PROTECTION
	SUBCHAPTER A. GENERAL PROVISIONS
	Sec. 541.001. DEFINITIONS. In this chapter, unless a
	different meaning is required by the context:
	(1) "Affiliate" means a legal entity that controls, is
	controlled by, or is under common control with another legal entity
	or shares common branding with another legal entity. For purposes
	of this subdivision, "control" or "controlled" means:
	(A) the ownership of, or power to vote, more than
	50 percent of the outstanding shares of any class of voting security
	of a company;
	(B) the control in any manner over the election
	of a majority of the directors or of individuals exercising similar
	functions; or
	(C) the power to exercise controlling influence
	over the management of a company.
	(2) "Authenticate" means to verify through reasonable
	means that the consumer who is entitled to exercise the consumer's
	rights under Subchapter B is the same consumer exercising those
	consumer rights with respect to the personal data at issue.
	(3) "Biometric data" means data generated by automatic
	measurements of an individual's biological characteristics. The
	term includes a fingerprint, voiceprint, eye retina or iris, or
	other unique biological pattern or characteristic that is used to
	identify a specific individual. The term does not include a
	physical or digital photograph or data generated from a physical or
	digital photograph, a video or audio recording or data generated
	from a video or audio recording, or information collected, used, or
	stored for health care treatment, payment, or operations under the
	Health Insurance Portability and Accountability Act of 1996 (42
	U.S.C. Section 1320d et seq.).
	(4) "Business associate" has the meaning assigned to
	the term by the Health Insurance Portability and Accountability Act
	of 1996 (42 U.S.C. Section 1320d et seq.).
	(5) "Child" means an individual younger than 13 years
	of age.
	(6) "Consent," when referring to a consumer, means a
	clear affirmative act signifying a consumer's freely given,
	specific, informed, and unambiguous agreement to process personal
	data relating to the consumer. The term includes a written
	statement, including a statement written by electronic means, or
	any other unambiguous affirmative action. The term does not
	include:
	(A) acceptance of a general or broad terms of use
	or similar document that contains descriptions of personal data
	processing along with other, unrelated information;
	(B) hovering over, muting, pausing, or closing a
	given piece of content; or
	(C) agreement obtained through the use of dark
	patterns.
	(7) "Consumer" means an individual who is a resident
	of this state acting only in an individual or household context. The
	term does not include an individual acting in a commercial or
	employment context.
	(8) "Controller" means an individual or other person
	that, alone or jointly with others, determines the purpose and
	means of processing personal data.
	(9) "Covered entity" has the meaning assigned to the
	term by the Health Insurance Portability and Accountability Act of
	1996 (42 U.S.C. Section 1320d et seq.).
	(10) "Dark pattern" means a user interface designed or
	manipulated with the effect of substantially subverting or
Statutes affected: Introduced: () House Committee Report: () Engrossed: () Senate Committee Report: () Enrolled: ()