Sponsors
The bill increases transparency and user control over online data (machine‑readable disclosures, data‑flow diagrams, deletion controls, and breach histories) and strengthens enforcement, but imposes meaningful compliance costs—especially on smaller businesses—and raises risks of competitive disclosure, accessibility/implementation gaps, and duplicative legal enforcement.
All internet users gain clearer, machine‑readable and interactive privacy summaries plus explicit controls (including deletion directions and disclosure of which data are required vs optional), making privacy notices easier to understand and exercise.
All internet users get visual data‑flow diagrams that show sharing of sensitive data with affiliates and third parties, increasing transparency about where their data goes.
Consumers benefit from a federally/ state‑reported 3‑year breach history for covered sites, improving the ability of individuals to assess risk when choosing services.
Small businesses and covered entities must incur compliance costs and operational work to produce machine‑readable summaries, interactive formats, and diagrams within 360 days, imposing disproportionate burdens on smaller operators.
Broad disclosure requirements (sensitive categories, liabilities, breach history) could reveal competitive information and increase litigation risk for firms, which may be passed on to consumers or taxpayers through higher prices or reduced services.
Mandating standardized machine‑readable formats and interactive tagging may create accessibility and interoperability challenges if specifications are poor, limiting usefulness for people with disabilities and low‑income users.
Based on analysis of 2 sections of legislative text.
Requires the FTC to mandate machine-readable short summaries, graphic data-flow diagrams, and interactive full terms for online terms of service.
Introduced March 10, 2025 by Lori Trahan · Last progress March 10, 2025
Requires the Federal Trade Commission to write a rule (within 360 days) forcing companies that publish terms of service to present three things on their sites or apps: a short, truthful, machine-readable summary of the terms; a graphic showing how user sensitive data flows to affiliates and third parties; and the full terms in an interactive data format. The rule must make summaries accessible to people with low literacy and disabilities, disclose categories of sensitive data and what is required for basic versus optional features, show reading time estimates and breach history, and include directions for deleting sensitive data; the short summary is not a new contract.