Book Read Free

Advanced Criminal Investigations and Intelligence Operations

Page 48

by Unknown

collected from the child by that operator;

  (ii) the opportunity at any time to refuse to permit the

  operator’s further use or maintenance in retrievable

  form, or future online collection, of personal informa-

  tion from that child; and

  (iii) notwithstanding any other provision of law, a means

  that is reasonable under the circumstances for the par-

  ent to obtain any personal information collected from

  that child;

  (C) prohibit conditioning a child’s participation in a game, the

  offering of a prize, or another activity on the child disclosing

  more personal information than is reasonably necessary to

  participate in such activity; and

  (D) require the operator of such a website or online service to

  establish and maintain reasonable procedures to protect the

  confidentiality, security, and integrity of personal informa-

  tion collected from children.

  (2)

  When consent not required

  The regulations shall provide that verifiable parental consent

  under paragraph (1)(A)(ii) is not required in the case of—

  (A) online contact information collected from a child that

  is used only to respond directly on a one-time basis to a

  354

  Appendix B: Computer Crime and Privacy Laws

  specific request from the child and is not used to recontact

  the child and is not maintained in retrievable form by the

  operator;

  (B) a request for the name or online contact information of a

  parent or child that is used for the sole purpose of obtain-

  ing parental consent or providing notice under this section

  and where such information is not maintained in retrievable

  form by the operator if parental consent is not obtained after

  a reasonable time;

  (C) online contact information collected from a child that is

  used only to respond more than once directly to a specific

  request from the child and is not used to recontact the child

  beyond the scope of that request—

  (1) if, before any additional response after the initial response

  to the child, the operator uses reasonable efforts to pro-

  vide a parent notice of the online contact information

  collected from the child, the purposes for which it is to

  be used, and an opportunity for the parent to request

  that the operator make no further use of the information

  and that it not be maintained in retrievable form; or

  (2) without notice to the parent in such circumstances as

  the Commission may determine are appropriate, taking

  into consideration the benefits to the child of access to

  information and services, and risks to the security and

  privacy of the child, in regulations promulgated under

  this subsection;

  (D) the name of the child and online contact information (to the

  extent reasonably necessary to protect the safety of a child

  participant on the site)—

  (1) used only for the purpose of protecting such safety;

  (2) not used to recontact the child or for any other

  purpose; and

  (3) not disclosed on the site, if the operator uses reason-

  able efforts to provide a parent notice of the name and

  online contact information collected from the child, the

  purposes for which it is to be used, and an opportu-

  nity for the parent to request that the operator make no

  further use of the information and that it not be main-

  tained in retrievable form; or

  (E) the collection, use, or dissemination of such information by

  the operator of such a website or online service necessary—

  (1) to protect the security or integrity of its website;

  (2) to take precautions against liability;

  Appendix B: Computer Crime and Privacy Laws

  355

  (iii) to respond to judicial process; or

  (iv) to the extent permitted under other provisions of law, to

  provide information to law enforcement agencies or for

  an investigation on a matter related to public safety.

  (3)

  Termination of service

  The regulations shall permit the operator of a website or an online

  service to terminate service provided to a child whose parent has

  refused, under the regulations prescribed under paragraph (1)

  (B)(ii), to permit the operator’s further use or maintenance in

  retrievable form, or future online collection, of personal infor-

  mation from that child.

  (c) Enforcement

  Subject to sections 6503 and 6505 of this title, a violation of a regula-

  tion prescribed under subsection (a) of this section shall be treated

  as a violation of a rule defining an unfair or deceptive act or practice

  prescribed under section 57a (a)(1)(B) of this title.

  (d) Inconsistent State law

  No State or local government may impose any liability for commer-

  cial activities or actions by operators in interstate or foreign com-

  merce in connection with an activity or action described in this

  chapter that is inconsistent with the treatment of those activities or

  actions under this section.

  § 6503. Safe Harbors

  (a) Guidelines

  An operator may satisfy the requirements of regulations issued

  under section 6502 (b) of this title by following a set of self-regulatory guidelines, issued by representatives of the marketing or online

  industries, or by other persons, approved under subsection (b) of

  this section.

  (b) Incentives

  (1)

  Self-regulatory incentives

  In prescribing regulations under section 6502 of this title, the

  Commission shall provide incentives for self-regulation by

  operators to implement the protections afforded children under

  the regulatory requirements described in subsection (b) of that

  section.

  (2)

  Deemed compliance

  Such incentives shall include provisions for ensuring that a per-

  son will be deemed to be in compliance with the requirements

  of the regulations under section 6502 of this title if that person

  complies with guidelines that, after notice and comment, are

  approved by the Commission upon making a determination that

  356

  Appendix B: Computer Crime and Privacy Laws

  the guidelines meet the requirements of the regulations issued

  under section 6502 of this title.

  (3)

  Expedited response to requests

  The Commission shall act upon requests for safe harbor treat-

  ment within 180 days of the filing of the request, and shall set

  forth in writing its conclusions with regard to such requests.

  (c) Appeals

  Final action by the Commission on a request for approval of guide-

  lines, or the failure to act within 180 days on a request for approval

  of guidelines, submitted under subsection (b) of this section may be

  appealed to a district court of the United States of appropriate juris-

  diction as provided for in section 706 of title 5.

  § 6504. Actions by States

  (a) In general

  (1)

  Civil actions

  In any case in which the attorney general of a State has re
ason to

  believe that an interest of the residents of that State has been or

  is threatened or adversely affected by the engagement of any per-

  son in a practice that violates any regulation of the Commission

  prescribed under section 6502 (b) of this title, the State, as parens

  patriae, may bring a civil action on behalf of the residents of the

  State in a district court of the United States of appropriate juris-

  diction to—

  (A) enjoin that practice;

  (B) enforce compliance with the regulation;

  (C) obtain damage, restitution, or other compensation on behalf

  of residents of the State; or

  (D) obtain such other relief as the court may consider to be

  appropriate.

  (2)

  Notice

  (A) In general

  Before filing an action under paragraph (1), the attorney gen-

  eral of the State involved shall provide to the Commission—

  (i) written notice of that action; and

  (ii) a copy of the complaint for that action.

  (B) Exemption

  (i) In general: Subparagraph (A) shall not apply with respect

  to the filing of an action by an attorney general of a State

  under this subsection, if the attorney general determines

  that it is not feasible to provide the notice described in

  that subparagraph before the filing of the action.

  Appendix B: Computer Crime and Privacy Laws

  357

  (ii) Notification: In an action described in clause (i), the

  attorney general of a State shall provide notice and a

  copy of the complaint to the Commission at the same

  time as the attorney general files the action.

  (b) Intervention

  (1)

  In general

  On receiving notice under subsection (a)(2) of this section, the

  Commission shall have the right to intervene in the action that is

  the subject of the notice.

  (2)

  Effect of intervention

  If the Commission intervenes in an action under subsection (a)

  of this section, it shall have the right—

  (A) to be heard with respect to any matter that arises in that

  action; and

  (B) to file a petition for appeal.

  (3)

  Amicus curiae

  Upon application to the court, a person whose self-regulatory

  guidelines have been approved by the Commission and are relied

  upon as a defense by any defendant to a proceeding under this

  section may file amicus curiae in that proceeding.

  (c) Construction

  For purposes of bringing any civil action under subsection (a) of

  this section, nothing in this chapter shall be construed to prevent an

  attorney general of a State from exercising the powers conferred on

  the attorney general by the laws of that State to—

  (1) conduct investigations;

  (2) administer oaths or affirmations; or

  (3) compel the attendance of witnesses or the production of docu-

  mentary and other evidence.

  (d) Actions by Commission

  In any case in which an action is instituted by or on behalf of the

  Commission for violation of any regulation prescribed under section

  6502 of this title, no State may, during the pendency of that action,

  institute an action under subsection (a) of this section against any

  defendant named in the complaint in that action for violation of that

  regulation.

  (e) Venue; service of process

  (1)

  Venue

  Any action brought under subsection (a) of this section may

  be brought in the district court of the United States that meets

  applicable requirements relating to venue under section 1391 of

  title 28.

  358

  Appendix B: Computer Crime and Privacy Laws

  (2)

  Service of process

  In an action brought under subsection (a) of this section, process

  may be served in any district in which the defendant—

  (A) is an inhabitant; or

  (B) may be found.

  § 6505. Administration and Applicability

  (a) In general

  Except as otherwise provided, this chapter shall be enforced by the

  Commission under the Federal Trade Commission Act (15 U.S.C. 41

  et seq.).

  (b) Provisions

  Compliance with the requirements imposed under this chapter shall

  be enforced under—

  (1) section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818),

  in the case of—

  (A) national banks, and Federal branches and Federal agencies of

  foreign banks, by the Office of the Comptroller of the Currency;

  (B) member banks of the Federal Reserve System (other than

  national banks), branches and agencies of foreign banks (other

  than Federal branches, Federal agencies, and insured State

  branches of foreign banks), commercial lending companies

  owned or controlled by foreign banks, and organizations oper-

  ating under section 25 or 25(a) of the Federal Reserve Act (12

  U.S.C. 601 et seq. and 611 et seq.), by the Board; and

  (C) banks insured by the Federal Deposit Insurance Corporation

  (other than members of the Federal Reserve System) and

  insured State branches of foreign banks, by the Board of

  Directors of the Federal Deposit Insurance Corporation;

  (2) section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818),

  by the Director of the Office of Thrift Supervision, in the case of

  a savings association the deposits of which are insured by the

  Federal Deposit Insurance Corporation;

  (3) the Federal Credit Union Act (12 U.S.C. 1751 et seq.) by the

  National Credit Union Administration Board with respect to any

  Federal credit union;

  (4) part A of subtitle VII of title 49 by the Secretary of Transportation with respect to any air carrier or foreign air carrier subject to that part; (5) the Packers and Stockyards Act, 1921 (7 U.S.C. 181 et. seq.)

  (except as provided in section 406 of that Act (7 U.S.C. 226, 227)),

  by the Secretary of Agriculture with respect to any activities sub-

  ject to that Act; and

  Appendix B: Computer Crime and Privacy Laws

  359

  (6) the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.) by the Farm

  Credit Administration with respect to any Federal land bank,

  Federal land bank association, Federal intermediate credit bank,

  or production credit association.

  (c) Exercise of certain powers

  For the purpose of the exercise by any agency referred to in sub-

  section (a) of this section of its powers under any Act referred to in

  that subsection, a violation of any requirement imposed under this

  chapter shall be deemed to be a violation of a requirement imposed

  under that Act. In addition to its powers under any provision of law

  specifically referred to in subsection (a) of this section, each of the

  agencies referred to in that subsection may exercise, for the purpose

  of enforcing compliance with any requirement imposed under this

  chapter, any other authority conferred on it by law.

  (d) Actions by Commission

  The Commission shall prevent any person from violating a rule of

  the Commission under section 6502 of this title
in the same man-

  ner, by the same means, and with the same jurisdiction, powers, and

  duties as though all applicable terms and provisions of the Federal

  Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into

  and made a part of this chapter. Any entity that violates such rule

  shall be subject to the penalties and entitled to the privileges and

  immunities provided in the Federal Trade Commission Act in the

  same manner, by the same means, and with the same jurisdiction,

  power, and duties as though all applicable terms and provisions of

  the Federal Trade Commission Act were incorporated into and made

  a part of this chapter.

  (e) Effect on other laws

  Nothing contained in this chapter shall be construed to limit the

  authority of the Commission under any other provisions of law.

  § 6506. Review

  Not later than 5 years after the effective date of the regulations initially issued under section 6502 of this title, the Commission shall

  (1) review the implementation of this chapter, including the effect of the implementation of this chapter on practices relating to the collection

  and disclosure of information relating to children, children’s ability

  to obtain access to information of their choice online, and on the

  availability of websites directed to children; and

  (2) prepare and submit to Congress a report on the results of the review

  under paragraph (1).

  Appendix C: Government

  Data Privacy Laws*

  E-Government Act (44 U.S.C. § 101)

  Chapter 1: Homeland Security Organization

  • § 101. Definitions

  • § 102. Construction; Severability

  • § 103. Use of Appropriated Funds

  Subchapter I: Department of Homeland Security (§§ 111–115)

  Subchapter II: Information Analysis and Infrastructure Protection

  (§§ 121–165)

  Subchapter III: Science and Technology in Support of Homeland

  Security (§§ 181–195c)

  Subchapter IV: Directorate of Border and Transportation Security

  (§§ 201–298)

  Subchapter V: National Emergency Management (§§ 311–321n)

  Subchapter VI: Treatment of Charitable Trusts for Members of the

  Armed Forces of the United States and Other Governmental

  Organizations (§ 331)

  Subchapter VII: Management (§§ 341–347)

  Subchapter VIII: Coordination with Non-Federal Entities; Inspector

  General; United States Secret Service; Coast Guard; General

 

‹ Prev