Bill Sponsor
Senate Bill 1951
116th Congress(2019-2020)
Designing Accounting Safeguards To Help Broaden Oversight and Regulations on Data
Introduced
Introduced
Introduced in Senate on Jun 25, 2019
Overview
Text
Introduced in Senate 
Jun 25, 2019
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
Introduced in Senate(Jun 25, 2019)
Jun 25, 2019
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
S. 1951 (Introduced-in-Senate)


116th CONGRESS
1st Session
S. 1951


To require the Securities and Exchange Commission to promulgate regulations relating to the disclosure of certain commercial data, and for other purposes.


IN THE SENATE OF THE UNITED STATES

June 25, 2019

Mr. Warner (for himself and Mr. Hawley) introduced the following bill; which was read twice and referred to the Committee on Banking, Housing, and Urban Affairs


A BILL

To require the Securities and Exchange Commission to promulgate regulations relating to the disclosure of certain commercial data, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Designing Accounting Safeguards To Help Broaden Oversight and Regulations on Data”.

SEC. 2. Definitions.

In this Act:

(1) COMMERCIAL DATA OPERATOR.—The term “commercial data operator” means an entity acting in its capacity as a consumer online services provider or data broker that—

(A) generates a material amount of revenue from the use, collection, processing, sale, or sharing of the user data; and

(B) has more than 100,000,000 unique monthly visitors or users in the United States for a majority of months during the previous 1-year period.

(2) COMMISSION.—The term “Commission” means the Securities and Exchange Commission.

(3) ISSUER.—The term “issuer” has the meaning given the term in section 3(a) of the Securities and Exchange Act of 1934 (15 U.S.C. 78c(a)).

(4) USER.—The term “user” means an individual consumer who uses an online service designed for consumer use by a commercial data operator.

(5) USER DATA.—The term “user data” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with an individual user, whether directly submitted to the commercial data operator by the user or derived from the observed activity of the user by the commercial data operator.

SEC. 3. Commercial data operators.

(a) Requirements.—

(1) IN GENERAL.—A commercial data operator shall—

(A) on a routine basis, and not less frequently than once every 90 days—

(i) provide each user of the commercial data operator with an assessment of the economic value that the commercial data operator places on the data of that user; and

(ii) in a clear and conspicuous manner, in accordance with paragraph (3), identify to each user of the commercial data operator—

(I) the types of data collected from users of the commercial data operator, whether by the commercial data operator or another person pursuant to an agreement with the commercial data operator; and

(II) the ways that the data of a user of the commercial data operator is used if the use is not directly or exclusively related to the online service that the commercial data operator provides to the user; and

(B) except as provided in paragraph (2), provide a user of the commercial data operator with the ability to delete all data, in the aggregate and for an individual field, that the commercial data operator possesses, or maintains control or access to with respect to the user, through—

(i) a single setting; or

(ii) another clear and conspicuous mechanism by which the user may make such a deletion.

(2) DELETION EXCEPTIONS.—

(A) IN GENERAL.—A commercial data operator shall comply with a user directive to delete, in whole or in part, the data of the user except—

(i) in cases where there is a legal obligation of the commercial data operator to maintain the data;

(ii) for the establishment, exercise, or defense of legal claims; or

(iii) if the data is necessary to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or assist in the prosecution of those responsible for such activity.

(B) RETENTION.—A commercial data operator may not retain any more user data than is necessary to carry out an activity described in clauses (i) through (iii) of subparagraph (A).

(3) AVAILABILITY.—A commercial data operator shall ensure that all disclosures required under subsection (a) are available to a user of the commercial data operator—

(A) on and after the date on which the commercial data operator makes the identification; and

(B) through any normal mechanism by which a user may interact with the online service provided by the commercial data operator.

(4) UNFAIR AND DECEPTIVE ACTS OR PRACTICES.—

(A) UNFAIR OR DECEPTIVE ACTS OR PRACTICES.—A violation of this subsection shall be treated as a violation of a rule defining an unfair or deceptive act or practice prescribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).

(B) POWERS OF FEDERAL TRADE COMMISSION.—

(i) IN GENERAL.—The Federal Trade Commission shall enforce this subsection in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this subsection.

(ii) PRIVILEGES AND IMMUNITIES.—Any person who violates this subsection shall be subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act (15 U.S.C. 41 et seq.).

(b) Regulations.—Not later than 1 year after the date of enactment of this Act, the Federal Trade Commission shall promulgate regulations carrying out subsection (a).

SEC. 4. SEC disclosures.

(a) In general.—Section 13 of the Securities Exchange Act of 1934 (15 U.S.C. 78m) is amended by adding at the end the following:

“(s) Disclosure relating to aggregate value of user data held by commercial data operators.—

“(1) DEFINITIONS.—In this subsection:

“(A) COMMERCIAL DATA OPERATOR.—The term ‘commercial data operator’ means an entity acting in its capacity as a consumer online services provider or data broker that—

“(i) generates a material amount of revenue directly from the use, collection, processing, sale, or sharing of the user data; and

“(ii) has more than 100,000,000 unique monthly visitors or users in the United States for a majority of months during the previous 1-year period;

“(B) USER.—The term ‘user’ means an individual consumer who uses an online service designed for consumer use by a commercial data operator.

“(C) USER DATA.—The term ‘user data’ means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with an individual user, whether directly submitted to the commercial data operator by the user or derived from the observed activity of the user by the commercial data operator.

“(2) DISCLOSURE.—Each issuer that is, or is a consolidated subsidiary of, a commercial data operator and is required to file an annual or quarterly report under subsection (a) shall disclose in that report the aggregate value, if material, of—

“(A) user data that the commercial data operator holds;

“(B) contracts with third parties for the collection of user data through the online service provided by the commercial data operator; and

“(C) any other item that the Commission determines, by rule, is necessary or useful for the protection of investors and in the public interest.

“(3) VALUATION METHODOLOGY.—

“(A) IN GENERAL.—The Commission, in consultation with appropriate standards settings organizations, shall develop a method or methods for calculating the value of user data required to be disclosed under paragraph (2).

“(B) CONSIDERATIONS.—In developing the method under subparagraph (A), the Commission shall promote comparability in calculating the value of data across commercial data operators that utilize user data in a similar manner while taking into account the potential need to develop distinct methods for calculating the value of data for different uses, sectors, and business models.”.

(b) Qualitative disclosure.—Not later than 1 year after the date of enactment of this subsection, the Commission shall amend section 229.306 of title 17, Code of Federal Regulations, to require a commercial data operator that is an issuer subject to section 13 or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m, 78o(d)) to provide quantitative and qualitative disclosures about the value of user data held, including—

(1) technical and legal measures in place to protect user data held by the commercial data operator;

(2) an assessment of financial and legal risks associated with storing the type and quantity of user data held by the commercial data operator;

(3) each source of user data held by the commercial data operator, whether by sale, a direct consumer relationship, an indirect consumer relationship, or other means;

(4) each discrete revenue generating operation of the commercial data operator and any subsidiary or affiliate that relies on user data;

(5) the entry into any contract valued at more than $10,000,000 with a third party for the collection, licensing, or sharing by the third party pursuant to an agreement with the commercial data operator;

(6) the amount of revenue derived from obtaining, collecting, processing, selling, using or sharing user data during the reporting period;

(7) how changes in the measurement of aggregate fair value of user data affect the reported performance and cash flows of the issuer; and

(8) any acquisition of user data in the preceding reporting period valued at more than $100,000,000.

(c) Report.—

(1) IN GENERAL.—Not later than 3 years after the date of enactment of this Act, the Commission shall submit to the Committee on Banking, Housing, and Urban Affairs of the Senate and the Committee on Financial Services of the House of Representatives a report on—

(A) the nature, timing, and extent of the disclosure practices of commercial data operators;

(B) an assessment of the valuation methodologies and practices employed by commercial data operators in developing and submitting disclosures to the public;

(C) an evaluation of the methods of delivery and presentation of the disclosures required by this Act, and the amendments made by this Act; and

(D) recommendations for the improvement of the methods described in paragraph (3), including developing standards to enhance comparability and utility for investors.

(2) RULEMAKING.—Not later than 180 days after the date on which the report required under paragraph (1) is submitted, the Commission shall promulgate a proposed regulation implementing the recommendations described in paragraph (1)(D).