[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[S. 2597 Introduced in Senate (IS)]
<DOC>
118th CONGRESS
1st Session
S. 2597
To amend the Clayton Act to establish a new Federal commission to
regulate digital platforms, including with respect to competition,
transparency, privacy, and national security.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
July 27, 2023
Ms. Warren (for herself and Mr. Graham) introduced the following bill;
which was read twice and referred to the Committee on the Judiciary
_______________________________________________________________________
A BILL
To amend the Clayton Act to establish a new Federal commission to
regulate digital platforms, including with respect to competition,
transparency, privacy, and national security.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Digital Consumer Protection
Commission Act of 2023''.
TITLE I--AMENDMENTS TO CLAYTON ACT
SEC. 101. ESTABLISHMENT OF DIGITAL CONSUMER PROTECTION COMMISSION.
The Clayton Act (15 U.S.C. 12 et seq.) is amended--
(1) by striking ``That (a)'' and inserting the following:
``DIVISION A--ORIGINAL ANTITRUST PROVISIONS
``Section 1. (a) The term'';
(2) in division A, as so designated, by adding at the end
the following:
``Sec. 29. (a) Any reference to `this Act' in this division shall
be deemed to be a reference to this division.
``(b) Any reference to the Clayton Act in any other provision of
law shall be deemed to be a reference to this division unless the
provision specifically references division B of this Act or a provision
in division B of this Act.''; and
(3) by adding at the end the following:
``DIVISION B--DIGITAL CONSUMER PROTECTION COMMISSION
``SEC. 2001. TABLE OF CONTENTS.
``The table of contents for this division is as follows:
``Sec. 2001. Table of contents.
``Sec. 2002. Definitions.
``TITLE I--ESTABLISHMENT OF DIGITAL CONSUMER PROTECTION COMMISSION
``Subtitle A--Commission Structure, Jurisdiction, and Powers
``Sec. 2111. Establishment.
``Sec. 2112. Commissioners.
``Sec. 2113. Designation of acting chairperson; sessions; seal.
``Sec. 2114. Commission jurisdiction.
``Sec. 2115. Commission powers.
``Sec. 2116. Rulemaking authority.
``Sec. 2117. Advisory boards.
``Sec. 2118. Complaints.
``Subtitle B--Dominant Platforms
``Sec. 2121. Dominant platforms.
``TITLE II--TRANSPARENCY REFORM
``Sec. 2201. Transparency practices and appeal rights.
``Sec. 2202. Best practices.
``TITLE III--COMPETITION REFORM
``Subtitle A--Antitrust Review
``Sec. 2311. Abuses of dominance.
``Sec. 2312. Platform conflicts of interest.
``Sec. 2313. Future acquisitions.
``Sec. 2314. Retrospective reviews.
``Sec. 2315. Additional remedies.
``Sec. 2316. Contractual transparency.
``Sec. 2317. Prohibition on abusive acts or practices.
``Sec. 2318. Data brokers.
``Subtitle B--Data Portability and Interoperability.
``Sec. 2321. Data portability and interoperability.
``Subtitle C--Miscellaneous
``Sec. 2331. Rule of construction.
``TITLE IV--PRIVACY REFORM
``Subtitle A--Covered Entity Duties and Requirements.
``Sec. 2411. Duty of loyalty.
``Sec. 2412. Duty of care.
``Sec. 2413. Duty of mitigation.
``Sec. 2414. Duty of confidentiality; data collection and processing.
``Sec. 2415. Limitations on targeted advertising.
``Sec. 2416. Rights of data subjects to access, correction,
portability, and deletion.
``Sec. 2417. Right to know.
``Subtitle B--Data Security Reform
``Sec. 2421. Data security safeguards.
``Sec. 2422. Civil penalties and damages for data breaches.
``Subtitle C--Miscellaneous
``Sec. 2431. Authority to propose and establish heightened requirements
for dominant platform operators.
``TITLE V--NATIONAL SECURITY REFORM
``Sec. 2501. Corporate citizenship and ownership.
``Sec. 2502. Limitation of data processing in restricted countries.
``Sec. 2503. Bot and country-of-origin identifications.
``TITLE VI--LICENSES FOR OPERATORS OF DOMINANT PLATFORMS
``Sec. 2601. Licensing office.
``Sec. 2602. Requirement for operators of dominant platforms to obtain
licenses.
``Sec. 2603. Revocation of license.
``Sec. 2604. Compliance certification.
``TITLE VII--ENFORCEMENT BY OTHER ENTITIES
``Sec. 2701. Enforcement by States, private parties, and Federal
agencies.
``Sec. 2702. Exclusive jurisdiction.
``TITLE VIII--MISCELLANEOUS
``Sec. 2801. Funding.
``Sec. 2802. Interagency cooperation.
``Sec. 2803. Effective date.
``Sec. 2804. Rules of construction.
``Sec. 2805. Severability.
``SEC. 2002. DEFINITIONS.
``In this division:
``(1) Algorithm.--
``(A) In general.--The term `algorithm' means a
computational process derived from machine learning,
statistics, or other data processing or artificial
intelligence techniques, that processes data for the
purpose of--
``(i) making a decision or facilitating
human decision-making;
``(ii) generating content;
``(iii) the display of search results or
rankings; or
``(iv) any other method of automated
decision-making, content selection, or content
amplification.
``(B) Temporal scope.--The term `algorithm'
encompasses a computational process described in
subparagraph (A) as it evolves over time, not just at
its original point of creation.
``(2) Business user.--The term `business user', with
respect to a platform, means a person that uses or plans to use
the platform for the sale or provision of products or services.
``(3) Child.--The term `child' means an individual younger
than 18 years of age.
``(4) Clear and conspicuous.--The term `clear and
conspicuous', with respect to a disclosure, means the
disclosure is easily noticeable and easily understandable by
ordinary consumers, including in each of the following ways:
``(A) In any communication that is solely visual or
solely audible, the disclosure shall be made through
the same means through which the communication is
presented.
``(B) A visual disclosure, by its size, contrast,
location, the length of time it appears, and other
characteristics, shall stand out from any accompanying
text or other visual elements so that the disclosure is
easily noticed, read, and understood.
``(C) An audible disclosure, including by telephone
or streaming video, shall be delivered in a volume,
speed, and cadence sufficient for an ordinary consumer
to easily hear and understand the disclosure.
``(D) In any communication using an interactive
electronic medium, such as the internet or software,
the disclosure shall be unavoidable.
``(E) The disclosure shall--
``(i) use diction and syntax understandable
to ordinary consumers; and
``(ii) appear in each language in which the
communication in which the disclosure appears
is presented.
``(F) The disclosure shall comply with the
requirements under this paragraph in each medium
through which the disclosure appears, including all
electronic devices and face-to-face communications.
``(G) The disclosure may not be contradicted or
mitigated by, or inconsistent with, anything else in
the communication.
``(H) If the representation or sales practice
targets a specific audience, such as children, the
elderly, or the terminally ill, the term `ordinary
consumer', as used in this paragraph, includes
reasonable members of that audience.
``(5) Commission.--The term `Commission', except as
otherwise provided, means the Digital Consumer Protection
Commission established under section 2111.
``(6) Control.--The term `control', with respect to a
person or platform, means--
``(A) holding not less than 25 percent of the stock
of the person or platform;
``(B) having the right to not less than 25 percent
of the profits of the person or platform;
``(C) having the right to not less than 25 percent
of the assets of the person or platform, in the event
of the dissolution of the person or platform;
``(D) if the person or platform is a corporation,
having the power to designate not less than 25 percent
of the directors of the person or platform;
``(E) if the person or platform is a trust, having
the power to designate not less than 25 percent of the
trustees; or
``(F) otherwise exercising substantial ability to
direct the actions of the person or platform.
``(7) Covered breach.--The term `covered breach' means any
instance in which not less than 1 piece of personal data held
by a covered entity is exposed, or is reasonably likely to have
been exposed, to an unauthorized party.
``(8) Covered entity.--
``(A) In general.--Subject to subparagraph (B), the
term `covered entity'--
``(i) means any person that collects,
processes, or transfers personal data and--
``(I) is subject to the Federal
Trade Commission Act (15 U.S.C. 41 et
seq.); or
``(II) is--
``(aa) a bank, savings and
loan institution described in
section 18(f)(3) of the Federal
Trade Commission Act (15 U.S.C.
57a(f)(3)), or Federal credit
union described in section
18(f)(4) of such Act;
``(bb) a common carrier
subject to the Acts to regulate
commerce (as defined in section
4 of the Federal Trade
Commission Act (15 U.S.C. 44));
``(cc) an air carrier or
foreign air carrier subject to
the Federal Aviation Act of
1958 (49 U.S.C. App. 1301 et
seq.); or
``(dd) a person,
partnership, or corporation
subject to the Packers and
Stockyards Act, 1921, as
amended; and
``(ii) includes any person that controls,
is controlled by, or is under common control
with the covered entity.
``(B) Exclusions.--Such term does not include--
``(i) a Federal, State, Tribal,
territorial, or local government entity such as
a body, authority, board, bureau, commission,
district, agency, or political subdivision of
the Federal Government or a State, Tribal,
territorial, or local government;
``(ii) a person that is collecting,
processing, or transferring personal data on
behalf of a Federal, State, Tribal,
territorial, or local government entity, in so
far as such person is acting as a service
provider to the government entity; or
``(iii) an entity that serves as a
congressionally designated nonprofit, national
resource center, and clearinghouse to provide
assistance to victims, families, child-serving
professionals, and the general public on
missing and exploited children issues.
``(9) Critical trading partner.--The term `critical trading
partner' means an entity that has the ability to restrict or
impede the access of a business user to--
``(A) the users or customers of the business user;
or
``(B) a tool or service that the business user
needs to effectively serve the users or customers of
the business user.
``(10) Data broker.--The term `data broker' means a person
that collects, buys, licenses, or infers data about individuals
and then sells, licenses, or trades that data in a commercial
transaction.
``(11) Data processing.--The term `data processing'--
``(A) means any operation or set of operations that
is performed on personal data or on sets of personal
data, whether or not by automated means, such as
collection, recording, organization, structuring,
storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission,
dissemination or otherwise making available, alignment
or combination, restriction, or erasure or destruction;
and
``(B) includes the sale, resale, licensing, or
trading of personal data.
``(12) De-identified data.--The term `de-identified data'
means data, derived from sensitive personal data, that cannot
reasonably be used to infer information about, or otherwise be
linked to, an identified or identifiable individual or
household, or a device linked to such an individual or
household.
``(13) Dominant platform.--The term `dominant platform' has
the meaning given the term in section 2121.
``(14) Governmental entity.--The term `governmental entity'
means a department or agency of--
``(A) the United States;
``(B) a State or political subdivision thereof; or
``(C) a foreign country or political subdivision
thereof.
``(15) Operator.--The term `operator', with respect to a
platform, means a person that owns or controls the platform.
``(16) Personal data.--The term `personal data'--
``(A) means information collected through activity
on a platform that identifies or is linked or
reasonably linkable to--
``(i) a user of the platform or any
individual; or
``(ii) a device routinely used by or
associated with a user of the platform or any
individual; and
``(B) does not include--
``(i) de-identified data; or
``(ii) publicly available information.
``(17) Platform.--The term `platform' means a website,
online or mobile application, operating system, online
advertising exchange, digital assistant, or other digital
service that--
``(A) enables a user to--
``(i) generate content that can be viewed
by other users on the website, online or mobile
application, operating system, online
advertising exchange, digital assistant, or
other digital service; or
``(ii) interact with other content on the
website, online or mobile application,
operating system, online advertising exchange,
digital assistant, or other digital service;
``(B) facilitates the offering, sale, purchase,
payment, or shipping of products or services, including
software applications and online advertising, among
consumers or businesses not controlled by the website,
online or mobile application, operating system, online
advertising exchange, digital assistant, or other
digital service; or
``(C) enables user searches or queries that access
or display a large volume of information.
``(18) Platform conflict of interest.--The term `platform
conflict of interest' means the conflict of interest that
arises when a person owns or controls a platform while
simultaneously--
``(A) owning or controlling a line of business that
competes against third parties on that platform, if the
person has the ability and incentive to, or does--
``(i) advantage its own business on the
platform over third-party competitors on the
platform; or
``(ii) disadvantage the business of third-
party competitors on the platform; or
``(B) representing both buyers and sellers for
transactions or business on the platform.
``(19) Restricted country.--The term `restricted country'
means a country for which a prohibition or a policy of denial
applies under section 126.1 of title 22, Code of Federal
Regulations (or a successor regulation).
``(20) Sensitive personal data.--
``(A) In general.--The term `sensitive personal
data' means any of the following forms of personal