Amendment #14 to S.2619

Amendment #14 to S2619

Protecting Philosophical Beliefs

Ms. Montaño of Boston moves to amend the bill by striking out Section 6 and inserting in place thereof the following section:

"(a) A controller shall:

(1) limit the collection of personal data to what is reasonably necessary and proportionate to provide or maintain a specific product or service requested by the consumer to whom the data pertains, including any routine administrative, operational, or account-servicing activity, such as billing, shipping, delivery, storage, accounting, or sending communications;

(2) not process or transfer personal data concerning a consumer in a manner that is inconsistent with the reasonable expectations of the consumer;

(3) not collect, process, or transfer sensitive data concerning a consumer except when such collection, processing, or transfer is strictly necessary to provide or maintain a specific product or service requested by the consumer to whom the sensitive data pertains;

(4) not sell:

(i) precise geolocation data regarding a consumer; or

(ii) sensitive data other than precise geolocation data regarding a consumer without obtaining the consumer’s affirmative consent;

(iii) partial or complete communications including messages, emails or social media posts or records of their web search(es) and organizational membership status revealing the philosophical beliefs of the consumer or those of an individual or individuals with whom they are communicating or any information about their philosophical beliefs that is derived from these.

(5) establish, implement and maintain reasonable administrative, technical and physical data security practices to protect the confidentiality, integrity and accessibility of personal data appropriate to the volume and nature of the personal data at issue, including disposing of personal data in accordance with a retention schedule that requires the deletion of personal data when the data is required to be deleted by law or is no longer necessary for the purpose for which the data was collected, processed, or transferred;

(6) not transfer or sell sensitive data concerning a consumer without obtaining the consumer's affirmative consent, or, in the case of the collection or processing of personal data concerning a known child, without collecting or processing such data in accordance with COPPA;"

(7) not transfer or sell partial or complete communications including messages, emails or social media posts or records of their web search(es) and organizational membership status revealing the philosophical beliefs of the consumer or those of an individual or individuals with whom they are communicating or any information about their philosophical beliefs that is derived from these without obtaining the consumer's affirmative consent.