ACCESS Act Section by Section FINAL.
ACCESS Act Section by Section FINAL.
Section-by-Section Summary
Section 1 – Short Title
Section 2 – Definitions
Commission
Communications Provider
Competing Communications Provider
Competing Communications Service
Custodial Third-Party Agent
Interoperability Interface
Large Communications Platform
Large Communications Platform Provider
User Data
Section 3- Portability
Large communications platform providers – i.e. providers operating communications
platforms with over 100 million monthly active users in the U.S. – must operate
transparent, third-party accessible interfaces that allow users to safely transfer their data
(directly to the user or to a competing communications provider acting at the direct of a
user)
Competing providers that receive ported data must properly secure ported data
Products or services that do not generate income from the collection, use, or sharing of
user data are exempt from the Act’s portability obligation
Section 4 – Interoperability
Large communications platform providers must operate transparent, third-party
accessible interfaces (“interoperability interfaces”) that facilitate and maintain compatible
communications with competing providers
Competing providers that receive data through an interoperability interface must properly
secure all data accessed via that interface
The bill sets forth terms of service under which a large communications platform
provider must maintain interoperability, including:
o non-discrimination, by which a platform provider must facilitate interoperability
based on fair, reasonable, and nondiscriminatory terms
o reasonable fees and access terms, by which a platform can:
establish reasonable thresholds on the frequency, nature, and volume of
requests, including assessing a reasonable fee for such access
establish reasonable usage expectations to govern access by competing
providers
provide advanced public notice of any fees, penalties, or usage
expectations associated with access (or changes) to an interoperability
interface
o privacy and security standards, which a platform provider must set consistent with
industry best practices, as well as an obligation to report suspected violations to
the Federal Trade Commission
o prohibiting changes to interfaces, or to terms of use, which would undermine
interoperability by competing communications services
If a large communications platform provider uses an interoperability interface between its
own platforms and services, it must offer an equivalent interface to competitors
In the context of communications between a user of a large communications platform
provider and a user of a competing communication provider, neither provider may
collect, use or share the data associated with the other service provider’s users
Products or services that do not generate income from the collection, use, or sharing of
user data are exempt from the interoperability obligation
Section 5 – Delegatability
Users of a large communications platform may delegate the management of their online
interactions, content, and account settings to a custodial third-party agent
The FTC must establish rules to authenticate access by custodial third-party agents
Custodial third-party agents must register with the FTC and abide by a list of rules
governing their access to large communications platforms. If custodial third-party agents
do not, they are subject to a range of penalties, including revocation of access rights
Custodial third-party agents:
o must reasonably safeguard the privacy and security of any user data provided by a
user or accessed on a user’s behalf
o may not collect, use, or share user data for the commercial benefit of the custodial
third-party agent
o do not gain greater access rights than the user has to a large communications
platform, and
o cannot access or manage user’s online interactions in any way that:
benefits the third-party agent and harms the user,
will result in foreseeable harm to the user, or
is inconsistent with the directions or reasonable expectations of the user
Section 6 – Implementation and Enforcement
The FTC must promulgate regulations no later than 1 year after the enactment date
No later than 180 days after enactment, the FTC, in consultation with industry
stakeholders, shall establish rules for verifying user portability and interoperability
requests
No later than 180 days after enactment, the National Institute of Standards and
Technology must develop and publish model technical standards for interoperability
among popular services, including:
o online messaging,
o multimedia sharing, and
o social networking
Large communications providers who maintain interoperability through open standards,
such as those established by NIST, are entitled to a rebuttable presumption of providing
access on fair, reasonable, and non-discriminatory terms
The FTC must regularly assess compliance by large communications platform providers
The FTC will establish procedures so users and competing platform providers may file
complaints alleging that a large communications provider, competing provider, or third-
party agent has violated this Act
The FTC is empowered to treat violations of the Act as violations of a rule defining an
unfair or deceptive act or practice – allowing the FTC to directly assess fines or related
penalties for violations
The Act shall supersede conflicting state laws and regulations
Section 7 – Relation to Other Laws
Nothing in the Act modifies, limits, or supersedes the operation of any privacy or security
provision in—
the Privacy Act of 1974;
the Right to Financial Privacy Act of 1978;
the Fair Debt Collection Practices Act;
the Children’s Online Privacy Protection Act of 1998;
title V of the Gramm-Leach-Bliley Act;
chapters 119, 123, and 206 of title 18, United States Code;
the Family Educational Rights and Privacy Act of 1974;
section 445 of the General Education Provisions Act;
the Privacy Protection Act of 1980;
the regulations promulgated under section 264(c) of the Health Insurance Portability and
Accountability Act of 1996 (42 U.S.C. 1320d–2 note), as those regulations relate to—
o a person described in section 1172(a) of the Social Security Act; or
o transactions referred to in section 1173(a)(1) of the Social Security Act;
the Communications Assistance for Law Enforcement Act;
sections 222 and 227 of the Communications Act of 1934; or
any other privacy or security provision of Federal law