89R15537 BCH-F     By: Holt H.B. No. 4338       A BILL TO BE ENTITLED   AN ACT   relating to the use of safety management software for children on   large social media platforms.          BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:          SECTION 1.  This Act may be cited as Sammy's Law.          SECTION 2.  Chapter 509, Business & Commerce Code, as added   by Chapter 795 (H.B. 18), Acts of the 88th Legislature, Regular   Session, 2023, is amended by adding Subchapter C-1 to read as   follows:   SUBCHAPTER C-1. SAFETY MANAGEMENT SOFTWARE FOR SOCIAL MEDIA          Sec. 509.121.  DEFINITIONS. In this subchapter:                (1)  "Child" means an individual who is under 17 years   of age.                (2)  "Department" means the Department of Information   Resources.                (3)  "Large social media platform" means a social media   platform to which Chapter 120 applies.                (4)  "Third-party safety software provider" means an   entity that provides software designed to manage online   interactions, content, and account settings for the safety of   children.                (5)  "User data" means any information needed to have a   profile on a large social media platform or content on a large   social media platform, including images, video, audio, or text,   that is created by or sent to a child on or through the child's   account with the platform.          Sec. 509.122.  REQUIREMENTS FOR LARGE SOCIAL MEDIA   PLATFORMS. (a) A large social media platform shall create,   maintain, and make available to third-party safety software   providers a set of real-time application programming interfaces   that allow a child or a parent or legal guardian of a child to   delegate permission to a third-party safety software provider to   manage the online interactions, content, and account settings of   the child on the large social media platform on the same terms as   the child.          (b)  The application programming interfaces must be designed   to allow third-party safety software providers to effectively   manage and monitor a child's online activities and provide   protections against cyberbullying, human trafficking, illegal drug   distribution, sexual harassment, and violence.          (c)  A large social media platform shall establish and   implement reasonable policies, practices, and procedures regarding   the secure transfer of user data to third-party safety software   providers.          (d)  In the case of a delegation made by a child or a parent   or legal guardian of a child under this section, the large social   media platform shall disclose to the child and the parent or legal   guardian of the child that the delegation has been made and provide   a summary of the user data that has been transferred to the   third-party safety software provider.          Sec. 509.123.  IMPLEMENTATION BY DEPARTMENT. The department   shall:                (1)  oversee the implementation of this subchapter;                (2)  establish guidelines and standards for the   application programming interfaces and ensure compliance by large   social media platforms;                (3)  conduct regular audits and assessments to ensure   that large social media platforms are in compliance with the   requirements of this subchapter; and                (4)  provide resources and support to parents and legal   guardians using third-party safety software services to effectuate   the protection of children from dangers including cyberbullying,   human trafficking, illegal drug distribution, sexual harassment,   and violence on large social media platforms.          Sec. 509.124.  REPORTING REQUIREMENTS. (a) A large social   media platform shall submit an annual report not later than January   1 to the department detailing the platform's compliance with the   requirements of this subchapter.          (b)  The department shall submit an annual summary of all   reports submitted by large social media platforms under this   section not later than February 1 to the governor, the lieutenant   governor, the speaker of the house of representatives, and each   standing committee of the legislature with primary jurisdiction   over large social media platforms highlighting the effectiveness of   this subchapter and any areas needing improvement.          Sec. 509.125.  AUTHENTICATION. The department shall:                (1)  issue guidance to facilitate the ability of a   third-party safety software provider to obtain user data or access   in a manner that ensures that a request for user data or access on   behalf of a child is a verifiable request; and                (2)  issue guidance for large social media platforms   and third-party safety software providers regarding the   maintenance of reasonable safety standards to protect user data.          Sec. 509.126.  LIMITATION OF LIABILITY. In any civil action   other than an action brought by the attorney general under   Subchapter D, a large social media platform provider may not be held   liable for damages arising out of the transfer of user data to a   third-party safety software provider if the large social media   platform has in good faith complied with the requirements of this   subchapter and the guidance issued by the department under this   subchapter.          Sec. 509.127.  USER DATA DISCLOSURE. A third-party safety   software provider may not disclose any user data obtained under   this subchapter to another person except:                (1)  under a lawful request from a governmental body,   including for law enforcement purposes or for judicial or   administrative proceedings;                (2)  to the extent that the disclosure is required by   law and the disclosure complies with and is limited to the relevant   requirements of such law;                (3)  to the child or a parent or legal guardian of the   child who made a delegation under this subchapter and whose data is   at issue, with the third-party safety software provider making a   good faith effort to ensure that the disclosure includes only the   user data necessary for a reasonable parent or guardian to   understand that the child is experiencing or is at foreseeable risk   to experience harm;                 (4)  in the case of a reasonably foreseeable serious   and imminent threat to the health or safety of any individual, if   the disclosure is made to a person or persons reasonably able to   prevent or lessen the threat; and                (5)  to a public health authority or other appropriate   government authority authorized by law to receive reports of child   abuse or neglect.          Sec. 509.128.  DISCLOSURE REPORTING. A third-party safety   software provider that makes a disclosure permitted by this   subchapter shall promptly inform the child with respect to whose   account the delegation was made and the parent or legal guardian   that a disclosure has been or will be made, unless:                (1)  the third-party safety software provider, in the   exercise of professional judgment, believes informing the child or   parent or legal guardian would place the child at risk of serious   harm; or                (2)  the third-party safety software provider is   prohibited by law from informing the child or parent or legal   guardian.          Sec. 509.129.  CONFLICT WITH OTHER LAW. To the extent of any   conflict between this subchapter and another provision of this   chapter, this subchapter controls.          SECTION 3.  This Act takes effect September 1, 2025.