Bill Summary
The "Terms-of-Service Labeling, Design, and Readability Act" (TLDR Act) is legislation aimed at improving the transparency and accessibility of terms of service (ToS) for online services. It mandates that certain entities, referred to as "covered entities," provide a concise and clear summary of their ToS on their websites within 360 days of the Act's enactment. This summary must include essential information such as categories of sensitive information processed, user rights, legal liabilities, historical changes to the ToS, and data breach records from the past three years.
Additionally, covered entities are required to display a graphic data flow diagram detailing how user information is shared, and to present the full ToS in an interactive data format that is machine-readable. The Act emphasizes accessibility for individuals with disabilities and those with low literacy skills, ensuring that the summary is understandable across different devices.
The Federal Trade Commission (FTC) is tasked with enforcing these requirements, and states are also granted the authority to take legal action if their residents are adversely affected by violations of the Act. Overall, the TLDR Act seeks to enhance consumer awareness and comprehension of online agreements, thereby promoting informed decision-making regarding privacy and data usage.
Possible Impacts
Here are three examples of how the "Terms-of-service Labeling, Design, and Readability Act" (TLDR Act) could affect people:
1. **Increased Transparency and Understanding**: The TLDR Act requires covered entities to provide a short-form summary of their terms of service. This means that users will have easier access to crucial information about their rights and responsibilities when using a service. For example, a user might quickly learn about what sensitive information is collected, how it is used, and their rights regarding data deletion. This increased transparency can empower users to make more informed choices about the services they use.
2. **Improved Accessibility**: The legislation mandates that the summary statement be accessible to individuals with low literacy levels and disabilities. This requirement means that people who previously struggled to understand complex legal jargon in terms of service will now have access to a clearer summary. For instance, a visually impaired user can benefit from machine-readable formats that support screen readers, ensuring that they are not excluded from understanding the terms of services of digital platforms.
3. **Enhanced Consumer Protection**: By including details such as data breach histories and the legal liabilities associated with using a service, the TLDR Act provides users with critical information that can help them assess risks. For example, if a user sees that a service has had multiple data breaches in the past few years, they may decide against using that service or take extra precautions. Additionally, the enforcement mechanisms outlined in the Act empower state attorneys general to take action on behalf of affected residents, thereby providing an avenue for recourse if companies fail to comply with the law.
[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[S. 915 Introduced in Senate (IS)]
<DOC>
119th CONGRESS
1st Session
S. 915
To require covered entities to issue a short-form terms of service
summary statement, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
March 10, 2025
Mr. Cassidy (for himself and Mr. Lujan) introduced the following bill;
which was read twice and referred to the Committee on Commerce,
Science, and Transportation
_______________________________________________________________________
A BILL
To require covered entities to issue a short-form terms of service
summary statement, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Terms-of-service Labeling, Design,
and Readability Act'' or the ``TLDR Act''.
SEC. 2. STANDARD TERMS OF SERVICE SUMMARY STATEMENT.
(a) Deadline for Terms of Service Summary Statement.--Not later
than 360 days after the date of the enactment of this Act, the
Commission shall issue a rule in accordance with section 553 of title
5, United States Code, with regard to a covered entity that publishes
or has published a terms of service--
(1) that requires the covered entity to include a truthful
and non-misleading short-form terms of service summary
statement on the website of the entity;
(2) that requires the covered entity to include a truthful
and non-misleading graphic data flow diagram on the website of
the entity; and
(3) that requires the covered entity to display the full
terms of service of the entity in an interactive data format.
(b) No New Contractual Obligation.--The requirement to include a
summary statement described in subsection (a)(1) does not create any
new contractual obligation.
(c) Requirements for Short-Form Terms of Service Summary
Statement.--
(1) In general.--The short-form terms of service summary
statement described in subsection (a)(1)--
(A) shall be accessible to individuals with low
levels of literacy and individuals with disabilities,
be machine readable, and include tables, graphic icons,
hyperlinks, or other means as the Commission may
require; and
(B) may be presented differently depending on the
interface or type of device on which the statement is
being accessed by the user.
(2) Location of summary statement and graphic data flow
diagram.--The summary statement described in subsection (a)(1)
shall be placed at the top of the permanent terms of service
page of the covered entity, and the graphic data flow diagram
described in subsection (a)(2) shall be located immediately
below such summary statement.
(3) Contents of summary statement.--The summary statement
described in subsection (a)(1) shall include the following:
(A) The categories of sensitive information that
the covered entity processes.
(B) The sensitive information that is required for
the basic functioning of the service and what sensitive
information is needed for additional features and
future feature development.
(C) A summary of the legal liabilities of a user
and any rights transferred from the user to the covered
entity, such as mandatory arbitration, class action
waiver, any licensing or sale by the covered entity of
the content of the user, and any waiver of moral
rights.
(D) Historical versions of the terms of service and
change logs.
(E) If the covered entity provides user deletion
services, directions for how the user can delete
sensitive information or discontinue the use of
sensitive information.
(F) A list of data breaches from the previous 3
years reported to consumers under existing Federal and
State laws.
(G) The effort required by a user to read the
entire terms of service text, such as through the total
word count and approximate time to read the statement.
(H) Any other information the Commission determines
to be necessary if that information is included in the
terms of service by the covered entity.
(4) Additional information required by the commission.--In
the rule issued under subsection (a), the Commission shall
include a list of other information the Commission determines
to be necessary under paragraph (3)(H).
(d) Guidance on Graphic Data Flow Diagrams.--Not later than 360
days after the date of the enactment of this Act, the Commission shall
publish guidelines on how a covered entity can graphically display how
the sensitive information of a user is shared with a subsidiary or
corporate affiliate of such entity and how such sensitive information
is shared with third parties.
(e) Interactive Data Format Terms of Service.--Not later than 360
days after the date of the enactment of this Act, the Commission shall
issue a rule in accordance with section 553 of title 5, United States
Code, that requires a covered entity to tag portions of the terms of
services of the entity according to an interactive data format.
(f) Enforcement.--
(1) Enforcement by the commission.--
(A) Unfair or deceptive acts or practices.--A
violation of this Act or a regulation promulgated under
this Act shall be treated as a violation of a rule
defining an unfair or deceptive act or practice under
section 18(a)(1)(B) of the Federal Trade Commission Act
(15 U.S.C. 57a(a)(1)(B)).
(B) Powers of the commission.--
(i) In general.--The Commission shall
enforce this section and the regulations
promulgated under this section in the same
manner, by the same means, and with the same
jurisdiction, powers, and duties as though all
applicable terms and provisions of the Federal
Trade Commission Act (15 U.S.C. 41 et seq.)
were incorporated into and made a part of this
section.
(ii) Privileges and immunities.--Any person
who violates this section or a regulation
promulgated under this section shall be subject
to the penalties and entitled to the privileges
and immunities provided in the Federal Trade
Commission Act.
(iii) Authority persevered.--Nothing in
this section shall be construed to limit the
authority of the Commission under any other
provision of law.
(2) Enforcement by states.--
(A) In general.--In any case in which the attorney
general of a State has reason to believe that an
interest of at least 1,000 residents of that State has
been or is threatened or adversely affected by the
engagement of any person in a practice that violates
this section or a regulation promulgated under this
section, the attorney general of the State, as parens
patriae, may bring a civil action on behalf of the
residents of the State in a district court of the
United States of appropriate jurisdiction--
(i) to enjoin that practice;
(ii) to enforce compliance with this
section;
(iii) to obtain damages, restitution, or
other compensation on behalf of such residents;
and
(iv) to obtain such other relief as the
court may consider to be appropriate.
(B) Rights of the commission.--
(i) Notice to the commission.--
(I) In general.--Except as provided
in subclause (III), the attorney
general of a State shall notify the
Commission in writing that the attorney
general intends to bring a civil action
under subparagraph (A) before
initiating the civil action.
(II) Contents.--The notification
required by subclause (I) with respect
to a civil action shall include a copy
of the complaint to be filed to
initiate the civil action.
(III) Exemption.--If it is not
feasible for the attorney general of a
State to provide the notification
required by subclause (I) before
initiating a civil action under
subparagraph (A), the attorney general
shall notify the Commission immediately
upon instituting the civil action.
(ii) Intervention by the commission.--The
Commission may--
(I) intervene in any civil action
brought by the attorney general of a
State under subparagraph (A); and
(II) upon intervening--
(aa) be heard on all
matters arising in the civil
action; and
(bb) file petitions for
appeal.
(C) Construction.--Nothing in this paragraph may be
construed to prevent an attorney general of a State
from exercising the powers conferred on the attorney
general by the laws of that State to--
(i) conduct investigations;
(ii) administer oaths or affirmations; or
(iii) compel the attendance of witnesses or
the production of documentary and other
evidence.
(D) Actions by the commission.--In any case in
which an action is instituted by or on behalf of the
Commission for a violation of this section or a
regulation promulgated under this section, a State may
not, during the pendency of that action, institute a
separate action under subparagraph (A) against any
defendant named in the complaint in the action
instituted by or on behalf of the Commission for that
violation.
(E) Venue; service of process.--
(i) Venue.--Any action brought under
subparagraph (A) may be brought in--
(I) the district court of the
United States that meets applicable
requirements relating to venue under
section 1391 of title 28, United States
Code; or
(II) another court of competent
jurisdiction.
(ii) Service of process.--In an action
brought under paragraph (1), process may be
served in any district in which the defendant--
(I) is an inhabitant; or
(II) may be found.
(g) Definitions.--In this section:
(1) Commission.--The term ``Commission'' means the Federal
Trade Commission.
(2) Covered entity.--The term ``covered entity''--
(A) means any person that operates a website
located on the internet or an online service that is
operated for commercial purposes; and
(B) does not include a small business concern (as
defined in section 3 of the Small Business Act (15
U.S.C. 632)).
(3) Disability.--The term ``disability'' has the meaning
given the term in section 3 of the Americans with Disabilities
Act of 1990 (42 U.S.C. 12102).
(4) Interactive data format.--The term ``interactive data
format'' means an electronic data format in which pieces of
information are identified using an interactive data standard,
such as eXtensible Markup Language (commonly known as ``XML''),
that is a standardized list of electronic tags that mark the
information described in subsection (c)(3) within the terms of
service of a covered entity.
(5) Moral rights.--The term ``moral rights'' means the
rights conferred by section 106A(a) of title 17, United States
Code.
(6) Process.--The term ``process'' means any operation or
set of operations performed on sensitive information, including
collection, analysis, organization, structuring, retaining,
using, or otherwise handling sensitive information.
(7) Sensitive information.--The term ``sensitive
information'' means any of the following:
(A) Health information.
(B) Biometric information.
(C) Precise geolocation information.
(D) Social security number.
(E) Information concerning the race, color,
religion, national origin, sex, age, or disability of
an individual.
(F) The content and parties to a communication.
(G) Audio and video recordings captured through a
consumer device.
(H) Financial information, including a bank account
number, credit card number, debit card number, or
insurance policy number.
(I) Online browsing history, which means
information revealing online activities over time or
across websites or online services not owned or
operated by the covered entity.
(8) State.--The term ``State'' means each of the several
States, the District of Columbia, each commonwealth, territory,
or possession of the United States, and each federally
recognized Indian Tribe.
(9) Third party.--The term ``third party'' means, with
respect to a covered entity, a person--
(A) to which the covered entity disclosed sensitive
information; and
(B) that is not--
(i) the covered entity;
(ii) a subsidiary or corporate affiliate of
the covered entity; or
(iii) a service provider of the covered
entity.
<all>