The TLDR Act mandates clear, concise summaries of online terms of service, including data usage and user rights, to improve transparency and accessibility for all users.
Lori Trahan
Representative
MA-3
The TLDR Act requires the FTC to create rules for online services and websites to provide short, easy-to-understand summaries of their terms of service, including data flow diagrams and information on data breaches. These summaries must highlight key aspects like data usage, user liabilities, and data deletion options. The FTC will enforce these rules, and state attorneys general can also sue on behalf of residents. This act aims to increase transparency and readability of online terms of service for consumers.
TLDR Act Mandates Clear Summaries and Data Maps for Online Terms of Service
Ever clicked 'Agree' without reading pages of dense legal text? The proposed 'Terms-of-service Labeling, Design, and Readability Act,' or 'TLDR Act,' aims to change that. It directs the Federal Trade Commission (FTC) to establish rules within a year requiring most commercial websites and online services to provide a short, easy-to-understand summary statement right at the top of their terms of service (ToS).
Finally, Terms You Might Actually Read
This isn't just about shortening things; it's about clarity. The required summary needs to be truthful, accessible (even for those with low literacy or disabilities), and machine-readable. Think clear tables, icons, or links instead of just walls of text. Key details must be included upfront:
- What sensitive info they collect: Health, location, biometrics, finances, browsing history – it needs to be listed.
- Why they need it: What data is essential for the service now, and what's for potential future features?
- Your rights (or lack thereof): Summaries must spell out things like mandatory arbitration clauses, class action waivers, or if you're signing away rights to content you create.
- Deletion options: Clear instructions on how to delete your data, if the service allows it.
- Breach history: A list of reported data breaches from the past three years.
- The time commitment: An estimated reading time and word count for the full ToS, so you know what you're skipping (or committing to).
Mapping Your Data's Journey
Beyond the summary, the bill requires a 'truthful and not misleading' graphic illustrating how your user data flows. The FTC will issue guidelines on how companies should visually represent data sharing with subsidiaries, affiliates, and other third parties. This aims to give you a clearer picture of where your information actually goes once you hand it over.
Holding Services Accountable
So, what happens if a company doesn't comply or creates a misleading summary? The TLDR Act treats violations as 'unfair or deceptive practices' under existing FTC rules, giving the agency enforcement power. Additionally, State Attorneys General get the green light to sue companies on behalf of residents (if at least 1,000 are affected) to stop violations, seek damages, or enforce compliance. It's worth noting that 'covered entities' exclude small businesses, meaning your favorite local startup might not be subject to these rules. The goal is to make those lengthy agreements less of a black box and give users a fighting chance to understand what they're agreeing to online.