Listen
to
this
post
On
May
4,
2023,
the
Florida
Senate
and
House
of
Representatives
voted
in
favor
of
sending
the
Florida
Digital
Bill
of
Rights
(“FDBR”)
and
other
amendments
related
to
government
moderation
of
social
media
and
protection
of
children
in
online
spaces
(S.B.
262)
to
Governor
Ron
DeSantis
for
signature.
Unlike
the
other
comprehensive
state
privacy
laws
that
have
been
enacted,
the
FDBR
applies
to
a
much
narrower
subset
of
entities.
FDBR
Applicability
If
enacted,
the
FDBR
would
apply
to
a
“controller,”
meaning
an
entity
that
conducts
business
in
Florida,
collects
personal
data
about
consumers,
makes
in
excess
of
$1
billion
in
global
gross
annual
reviews
and
satisfies
at
least
one
of
the
following:
(1)
derives
50
percent
or
more
of
its
global
gross
annual
revenues
from
the
sale
of
advertisements
online,
including
providing
targeted
advertising
or
the
sale
of
ads
online;
(2)
operates
a
consumer
smart
speaker
and
voice
command
component
service
with
an
integrated
virtual
assistant
connected
to
a
cloud
computing
service
that
uses
hands-free
verbal
activation;
or
(3)
operates
an
app
store
or
a
digital
distribution
platform
that
offers
at
least
250,000
different
software
applications
for
consumers
to
download
and
install.
“Consumer”
means
an
individual
resident
or
domiciled
in
Florida
and
does
not
include
an
individual
acting
in
a
commercial
or
employment
context.
Controller
Obligations
The
FDBR
would
require
controllers
to:
(1)
provide
a
privacy
notice
with
certain
specified
content;
(2)
establish
a
secure
and
reliable
means
for
consumers
to
exercise
their
privacy
rights
under
the
law;
(3)
obtain
a
consumer’s
consent
to
process
sensitive
data;
(4)
enter
into
contracts
with
its
processors;
and
(5)
conduct
and
document
data
protection
assessments.
The
FDBR
also
uniquely
would
require
a
controller
that
operates
a
search
engine
to
make
available
on
its
website
“an
up-to-date
plain
language
description
of
the
main
parameters
that
are
individually
or
collectively
the
most
significant
in
determining
ranking
and
the
relative
importance
of
those
main
parameters,
including
the
prioritization
or
deprioritization
of
political
partisanship
or
political
ideology
in
search
results.”
Controllers
would
not
be
required
to
disclose
algorithms
or
any
other
information
that,
“with
reasonable
certainty,
would
enable
deception
of
or
harm
to
consumers
through
the
manipulation
of
search
results.”
Consumer
Rights
The
FDBR
would
provide
consumers
the
right
to
(1)
confirm
whether
a
controller
is
processing
the
consumer’s
personal
data
and
to
access
the
personal
data;
(2)
correct
inaccuracies
in
the
consumer’s
personal
data;
(3)
delete
any
or
all
personal
data
provided
by
or
obtained
about
the
consumer;
(4)
obtain
a
copy
of
the
consumer’s
personal
data;
(5)
opt
out
of
the
processing
of
the
personal
data
for
purposes
of
targeted
advertising,
the
sale
of
personal
data,
or
profiling
in
furtherance
of
a
decision
that
produces
a
legal
or
similarly
significant
effect
concerning
a
consumer;
(6)
opt
out
of
the
collection
or
processing
of
sensitive
data;
and
(7)
opt
out
of
the
collection
of
personal
data
collected
through
the
operation
of
a
voice
recognition
or
facial
recognition
feature.
Enforcement
The
FDBR
would
provide
for
enforcement
by
the
Florida
Department
of
Legal
Affairs,
civil
penalties
of
up
to
$50,000
per
violation,
and
tripled
penalties
for
certain
violations,
such
as
those
involving
a
known
child.
The
FDBR
would:
-
Not
contain
a
private
right
of
action; -
Provide
for
the
Department
to
adopt
implementing
rules;
and -
Permit
but
not
require
the
Department
to
provide
a
45-day
period
to
cure
an
alleged
violation.
Effective
Date
The
FDBR
would
go
into
effect
on
July
1,
2024.
Related
Statutory
Amendments
in
S.B.
262
In
addition
to
the
FDBR,
S.B.
262
also
contains
provisions
relating
to
government
moderation
of
social
media
and
protection
of
children
in
online
spaces.
Government
Moderation
of
Social
Media
S.B.
262
would
prohibit
a
governmental
entity
from
communicating
with
a
social
media
platform
to
request
that
it
remove
content
or
accounts
from
the
platform,
and
from
initiating
or
maintaining
any
agreements
or
working
relationships
with
a
social
media
platform
for
the
purpose
of
content
moderation
(subject
to
certain
exceptions).
Protection
of
Children
in
Online
Spaces
S.B.
262
would
impose
restrictions
on
an
online
platform
that
provides
an
online
service,
product,
game
or
feature
“likely
to
be
predominantly
access
by
children”
relating
to:
-
Processing
the
personal
information
of
a
child; -
Profiling
a
child; -
Collecting,
selling,
sharing
or
retaining
any
personal
information
that
is
not
necessary
to
provide
an
online
service,
product,
or
feature
with
which
a
child
is
actively
and
knowingly
engaged; -
Using
the
personal
information
of
a
child
for
any
reason
other
than
the
reason
for
which
the
personal
information
was
collected; -
Collecting,
selling,
or
sharing
any
precise
geolocation
data
of
children; -
Using
dark
patterns
to
lead
or
encourage
children
to
take
certain
actions;
and -
Using
any
personal
information
collected
to
estimate
age
or
age
range.
For
violations
of
these
provisions,
S.B.
262
would
provide
for
the
same
enforcement
provisions
as
those
in
the
FDBR,
including
exclusive
enforcement
by
the
Florida
Department
of
Legal
Affairs,
civil
penalties
of
up
to
$50,000
per
violation,
tripled
penalties
for
certain
violations,
and
a
permitted
45-day
cure
period.
About Author
