The TLDR Act: A Law to Require Online Terms of Service to Have an Intelligible Summary

The TLDR Act: A Law for When You Just Can't be Bothered to Read the Full Terms of Service or Privacy Policy
Share the knowledge

If you are someone whose eyes glaze over when you try to read a website’s or company’s Terms of Service (“ToS”), Acceptable Use Policy (“AUP”) or Privacy Policy, then the TLDR Act is for you (see below for the full text of The TLDR Act). The TLDR Act (S.3501), which stands for “Terms-of-service Labeling, Design and Readability Act”, was introduced this month by Representative Lori Trahan and Senators Ben Ray Lujan and Bill Cassidy (that’s right, it’s a bipartisan Federal effort). While the current draft of the TLDR Act doesn’t specifically mention AUPs or privacy polices (it mentions only Terms of Service), we can’t imagine it passing – if at all – without ‘Terms of Service’ being defined, and that definition also covering acceptable use and privacy policies. We hasten to add that while the TLDR Act would apply broadly to businesses that have an online presence (i.e. a website), it does not apply to those which meet the Federal definition of a ‘small business’ (more on that below).

Actually this is the second time that a bill has been introduced called the “TLDR Act”, the first time was in 2018 when Representative Seth Moulton introduced a bill called the TLDR Act which was intended to “Require the Office of Management and Budget to develop and issue regulations that direct each federal agency to provide a clearly-marked section at the top of a communication (both hard copy and electronic) that the agency sends to an individual if such communication requires or authorizes such individual to take action.” The summary of that TLDR Act bill went on to say that “To the extent practicable, the clearly-marked section at the top of the first page shall include: the action item; if a response is required, optional, or not required; the deadline, if applicable; how to complete the action item; and the agency’s contact information.”

But we digress, that was then, and this is now. However we did want to mention that other TLDR Act because lots of people have been confused when trying to find the information for this current TLDR Act.

Before we go any further, the TLDR Act refers to it applying to “covered entities”. It defines a covered entity as “any person that operates a website located on the internet or an online service, that is operated for commercial purposes” and, and this is important, that is not a small business, as defined by the Federal government’s Small Business Act (15 U.S.C. 632). So that you don’t have to follow that link (although you certainly can if you want to), the Federal government generally defines any business “which is independently owned and operated and which is not dominant in its field of operation” as a small business.

According to the “one-pager” put out by representative Trahan’s office (jointly with Senators Cassidy and Lujan), the purpose of the TLDR Act is to:

Get New Internet Patrol Articles by Email!

(Unobtrusive plea for financial support by tipping us.)

 

“1. Inform consumers of how their data is collected and used.
2. Empower consumers to compare simple and standardized terms-of-service summary statements across different website and apps.
3. Facilitate independent oversight and study of terms-of-service contracts, including data collection, legal liabilities, and data sharing with third parties.”

The one-pager goes on to explain that the summary statements, which must be at the top of the Terms of Service page, must be concise, easy to understand, and machine readable.

Of course, the TLDR Act has only just been submitted; in fact as of the time of this writing the Congressional website doesn’t even have a summary up. So don’t expect it to be enacted any time soon, but there’s no time like now to contact your Federal representatives to let them know your thoughts about the Act. In the meantime, here’s the full text of S.3501.

Full Text of S.3501, The TLDR Act – Terms-of-service Labeling, Design, and Readability Act

(You can also find the full text of S.3501 here.)

To require the Federal Trade Commission to issue a short-form terms of service summary statement, and for other purposes.

 

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the “Terms-of-service Labeling, Design, and Readability Act” or the “TLDR Act”.

SEC. 2. STANDARD TERMS OF SERVICE SUMMARY STATEMENT.

(a) Deadline For Terms Of Service Summary Statement.—Not later than 360 days after the date of the enactment of this Act, the Commission shall issue a rule under section 553 of title 5, United States Code—

(1) that requires a covered entity to include a short-form terms of service summary statement on the website of the entity;

(2) that requires a covered entity to include graphic data flow diagram on the website of the entity and includes guidance for such diagram; and

(3) that requires a covered entity to display the full terms of service of the entity in an interactive data format.

(b) Requirements For Short-Form Terms Of Service Summary Statement.—

(1) IN GENERAL.—The short-form terms of service summary statement described in subsection (a)—

(A) shall be easy to understand, machine readable, and may include tables, graphic icons, hyperlinks, or other means determined by the Commission; and

(B) may be established separately depending on the interface or type of device on which the statement is being accessed by the user.

(2) LOCATION OF SUMMARY STATEMENT AND GRAPHIC DATA FLOW DIAGRAM.—The summary statement shall be placed at the top of the permanent terms of service page of the covered entity and any graphic data flow diagram shall be located immediately below the statement.

(3) CONTENTS OF SUMMARY STATEMENT.—The summary statement shall disclose the following:

(A) The effort required by a user to read the entire terms of service text, such as through the total word count and approximate time to read the statement.

(B) The categories of sensitive information that the covered entity processes.

(C) The sensitive information that is required for the basic functioning of the service and what sensitive information is needed for additional features and future feature development.

(D) A summary of the legal liabilities of a user and any rights transferred from the user to the covered entity, such as mandatory arbitration, class action waiver, any licensing by the covered entity of the content of the user, and any waiver of moral rights.

(E) Historical versions of the terms of service and change logs.

(F) If the covered entity provides user deletion services, directions for how the user can delete sensitive information or discontinue the use of sensitive information.

(G) A list of data breaches from the previous 3 years reported to consumers under existing Federal and State laws.

(H) Anything else determined to be necessary by the Commission.

(c) Guidance On Graphic Data Flow Diagrams.—Not later than 360 days after the date of the enactment of this Act, the Commission shall publish guidelines on how a covered entity can graphically display how sensitive information of a user is shared with a subsidiary or corporate affiliate of such the entity and how sensitive information is shared with third parties.

(d) Interactive Data Format Terms Of Service.—Not later than 360 days after the date of the enactment of this Act, the Commission shall issue a rule under section 553 of title 5, United States Code, that requires a covered entity to tag portions of the terms of services of the entity according to an interactive data format.

(e) Enforcement.—

(1) UNFAIR OR DECEPTIVE ACTS OR PRACTICES.—A violation of this section or a regulation promulgated under this section shall be treated as a violation of a regulation under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)) regarding unfair or deceptive acts or practices.

(2) POWERS OF THE COMMISSION.—The Commission shall enforce this section and the regulations promulgated under this section in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this section, and any person who violates this section or a regulation promulgated under this section shall be subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act.

(3) ENFORCEMENT BY STATE ATTORNEYS GENERAL.—In any case in which the attorney general of a State has reason to believe that an interest of at least 1,000 residents of that State has been or is threatened or adversely affected by the engagement of any person in a practice that violates this section or a regulation promulgated under this section, the State, as parens patriae, may bring a civil action on behalf of the residents of the State in a district court of the United States of appropriate jurisdiction to—

(A) enjoin that practice;

(B) enforce compliance with the regulation;

(C) obtain damage, restitution, or other compensation on behalf of residents of the State; or

(D) obtain such other relief as the court may consider to be appropriate.

(4) NOTICE.—

(A) IN GENERAL.—Before filing an action under paragraph (3), the attorney general of the State involved shall provide to the Commission—

(i) written notice of that action; and

(ii) a copy of the complaint for that action.

(B) EXEMPTION.—

(i) IN GENERAL.—Subparagraph (A) shall not apply with respect to the filing of an action by an attorney general of a State under this subsection, if the attorney general determines that it is not feasible to provide the notice described in that subparagraph before the filing of the action.

(ii) NOTIFICATION.—In an action described in clause (i), the attorney general of a State shall provide notice and a copy of the complaint to the Commission at the same time as the attorney general files the action.

(5) REMOVAL TO FEDERAL COURT.—The Commission may intervene in any action brought under paragraph (3) and remove the action to the appropriate United States district court.

(f) Rule Of Construction.—Nothing in this section shall be construed to limit the authority of the Commission under any other provision of law.

(g) Definitions.—In this section:

(1) COMMISSION.—The term “Commission” means the Federal Trade Commission.

(2) COVERED ENTITY.—The term “covered entity”—

(A) means any person that operates a website located on the internet or an online service, that is operated for commercial purposes; and

(B) does not include a small business concern (as defined in section 3 of the Small Business Act (15 U.S.C. 632)).

(3) INTERACTIVE DATA FORMAT.—The term “interactive data format” means an electronic data format in which pieces of information are identified using an interactive data standard, such as eXtensible Markup Language (XML), that is a standardized list of electronic tags that mark the information described in section 2(b)(3) within the terms of service of a covered entity.

(4) SENSITIVE INFORMATION.—The term “sensitive information” means any of the following:

(A) Health information.

(B) Biometric information.

(C) Precise geolocation information.

(D) Social security number.

(E) Information concerning the race, color, religion, national origin, sex, age, or disability of an individual.

(F) The content and parties to a communication.

(G) Audio and video recordings captured through a consumer device.

(H) Financial information, including a bank account number, credit card number, debit card number, or insurance policy number.

(I) Online browsing history related to the information described in subparagraphs (A) through (H).

(5) STATE.—The term “State” means each of the several States, the District of Columbia, each commonwealth, territory, or possession of the United States, and each federally recognized Indian Tribe.

(6) THIRD PARTY.—The term “third party” means, with respect to a covered entity, a person—

(A) to whom the covered entity disclosed sensitive information; and

(B) is not—

(i) the covered entity;

(ii) a subsidiary or corporate affiliate of the covered entity; or

(iii) a service provider of the covered entity.

Note: The Internet Patrol is completely free, and reader-supported. If something that you find here helps you, please consider supporting us. We also earn a small amount from ads and Amazon links:
Click for amount options


Share the knowledge

Leave a Reply

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.