Prohibits collecting, processing, maintaining, or disclosing personal information for behavioral personalization without consent. Requires annual consent renewals. Mandates non-personalized versions if consent is denied. Allows service denial if non-personalization is infeasible. Exempts small businesses.
Prohibits covered entities from collecting, processing, maintaining, or disclosing personal information for behavioral personalization without affirmative express consent.
Requires covered entities to obtain express affirmative consent before providing behaviorally personalized products or services, and annually thereafter.
Mandates providing non-personalized versions of products or services if consent is denied, or core aspects if full functionality without personalization is infeasible.
Allows denial of products or services if no core aspect can function without personalization and consent is not given.
Permits processing personal information for usability improvements using aggregated data, provided the output is uniform and independent of individual characteristics.
Excludes optimizations aimed primarily at increasing user engagement time from the definition of "usability."
Exempts small businesses from these requirements.
This summary is awaiting validation (peer review by a second AGORA editor).
Key facts
🏛️ This document was proposed and/or enacted by the United States Congress but is now defunct.
For authoritative text and metadata, visit the official source.
🎯 This document primarily applies to the private sector, rather than the government.
📜 This document's name is Online Privacy Act of 2023, Sec. 106 ("Right to individual autonomy").
AGORA also tracks this document under the name Online Privacy Act, Sec. 106 ("Individual autonomy"). It is part of Online Privacy Act.
↳ This document is part of a longer one: Online Privacy Act.
Some AGORA documents are "split off" from longer documents that mix AI
and non-AI content, such as omnibus authorization or appropriations laws
in the United States Congress.
Themes
Thematic tags for this document are awaiting validation (peer review by a second AGORA editor).
This is an unofficial copy. The document has been
archived and reformatted in plaintext for AGORA. Footnotes, tables, and
similar material may be omitted. For the official text, visit the original source.
SEC. 106. RIGHT TO INDIVIDUAL AUTONOMY.
(a) In General.—A covered entity shall not collect, process, maintain, or disclose an individual’s personal information to—
(1) create, improve upon, or maintain;
(2) process with; or
(3) otherwise link an individual with;
an algorithm, model, or other means designed for behavioral personalization, without the affirmative express consent of that individual.
Prohibits a covered entity from using personal data for behavioral personalization without express consent.
(b) Consent.—A covered entity must obtain express affirmative consent from an individual before it may provide a behaviorally personalized version of a product or service, and not less than every calendar year thereafter. Where consent is denied, a covered entity must provide the product or service without behavioral personalization.
Requires obtaining consent before providing behaviorally personalized services, and annually thereafter; mandates non-personalized alternatives if denied.
(c) Exceptions To Providing Product Or Service.—
(1) Where the offering of a substantially similar product or service without behavioral personalization is infeasible, a covered entity shall provide, to the greatest extent feasible, a core aspect or part of the product or service that can be offered without behavioral personalization.
(2) Where no core aspect or part of the product or service can function in a substantially similar function without behavioral personalization, a covered entity may deny providing an individual use of such product or service if such individual does not consent to behavioral personalization as required in subsection (a).
Allows denial of service if behavioral personalization is essential and consent is not given.
(d) Exception To Behavioral Processing.—Notwithstanding subsections (a) and (b), a covered entity may process personal information to create or operate behavioral personalization algorithms, models, or other mechanisms for the purpose of increasing the usability of the product or service provided by a covered entity that—
(1) are built using aggregated personal information that is representative of all the personal information the covered entity maintains; and
(2) have an output that is both uniform across the individuals that use the product or service and independent of a specific individual’s inherent or behavioral characteristics.
Allows processing personal information for usability if aggregated and uniformly applied across users.
(e) Usability.—The term “usability” as used in subsection (d) does not include optimizations or other alterations to the product or service that are made with the primary purpose of increasing the amount of time an individual engages with or uses the product or service, unless such increase benefits the individual.
(f) Small Businesses Excluded.—This section does not apply to a small business.