Skip navigation Wisconsin State Legislature
This is the preview version of the Wisconsin State Legislature site.
Please see http://docs.legis.wisconsin.gov for the production version.
Up
SB851,17,2
12. To detect security incidents, to protect against malicious, deceptive,
2fraudulent, or illegal activity, or to prosecute a person responsible for that activity.
SB851,17,43 3. To debug to identify and repair errors that impair existing or intended
4functionality.
SB851,17,65 4. To exercise free speech, to ensure the right of another consumer to exercise
6free speech, or to exercise another right provided by law.
SB851,17,117 5. If the consumer provides informed consent, to engage in public or
8peer-reviewed scientific, historical, or statistical research in the public interest that
9adheres to all other applicable ethics and privacy laws, if the business's deletion of
10the personal information is likely to render impossible or seriously impair the
11achievement of that research.
SB851,17,1412 6. To enable solely internal uses that are reasonably aligned with the
13expectations of the consumer based on the consumer's relationship with the
14business.
SB851,17,1515 7. To comply with a legal obligation.
SB851,17,1816 8. To otherwise use the consumer's personal information internally in a lawful
17manner that is compatible with the context in which the consumer provided the
18information.
SB851,17,23 19(6) Discrimination prohibited. (a) 1. A business may not discriminate against
20a consumer because the consumer makes a verifiable consumer request under sub.
21(3) (a) or (c) or (5) or because under sub. (4) (c) the personal information of the
22consumer was not permitted to be sold by the business, including by doing any of the
23following:
SB851,17,2424 a. Denying goods or services to the consumer.
SB851,18,2
1b. Charging different prices or rates for goods or services, including through the
2use of discounts or other benefits or imposing penalties.
SB851,18,33 c. Providing a different level or quality of goods or services to the consumer.
SB851,18,54 d. Suggesting that the consumer will receive a different price or rate for goods
5or services or a different level or quality of goods or services.
SB851,18,96 2. This paragraph does not prohibit a business from charging a consumer a
7different price or rate, or from providing a different level or quality of goods or
8services to the consumer, if the difference is reasonably related to the value provided
9to the consumer by the consumer's data.
SB851,18,1510 (b) 1. A business may offer financial incentives, including payments to
11consumers as compensation, for the collection of a consumer's personal information,
12the sale of a consumer's personal information, or the deletion of a consumer's
13personal information. A business may also offer a different price, rate, level, or
14quality of goods or services to a consumer if that difference is directly related to the
15value provided to the consumer by the consumer's data.
SB851,18,1916 2. A business may enter a consumer into a financial incentive program
17described in subd. 1. only if the consumer or the consumer's parent or guardian
18affirmatively authorizes entry into the program after receiving a notice that clearly
19describes the material terms of the program.
SB851,18,2120 3. A consumer or a consumer's parent or guardian may revoke entry into a
21financial incentive program described in subd. 1. at any time.
SB851,18,2422 4. If a business offers a financial incentive program described in subd. 1., the
23business shall include a description of the program on the Internet page described
24in sub. (4) (b) 1. a. and in the policies described in sub. (4) (b) 1. b.
SB851,19,2
15. A business may not use financial incentive practices that are unjust,
2unreasonable, coercive, or usurious in nature.
SB851,19,5 3(7) Guidance; rules. (a) A business or 3rd party may request advice from the
4attorney general on how to comply with this section, and the attorney general shall
5respond to the request.
SB851,19,76 (b) The department of justice shall promulgate rules to implement this section,
7including the following:.
SB851,19,98 1. Rules that specify additional categories of personal information to those
9enumerated in sub. (1) (i) 1.
SB851,19,1210 2. Rules that specify unique personal identifiers to address changes in
11technology, changes in data collection, obstacles to implementing this section, and
12privacy concerns.
SB851,19,1413 3. Rules that specify additional methods for consumers to make requests and
14businesses to provide disclosures under this section.
SB851,19,1715 4. Rules that establish any exceptions necessary to comply with other state or
16federal law, including exceptions relating to trade secrets and intellectual property
17rights.
SB851,19,1818 5. Rules that establish procedures for the following:
SB851,19,1919 a. The submission of a direction under sub. (4) (c) 1. a.
SB851,19,2020 b. Business compliance with a direction submitted under sub. (4) (c) 1. a.
SB851,19,2321 c. The use of a recognizable and uniform logo or button by all businesses to
22promote consumer awareness of the option to make a direction under sub. (4) (c) 1.
23a.
SB851,20,224 6. Rules that ensure that the notices and information that business are
25required to provide under this section are provided in a manner that may be easily
1understood by the average consumer, are accessible to consumers with disabilities,
2and are available in the language primarily used to interact with the consumer.
SB851,20,123 7. Rules that facilitate a consumer's or, under sub. (4) (c) 1. b., a representative's
4ability to make a request or submit a direction under this section, with the goal of
5minimizing the administrative burden on consumers, taking into account available
6technology, security concerns, and the burden on the business, to govern a business's
7determination that a request by a consumer is a verifiable consumer request,
8including by treating a request submitted through a password-protected account
9maintained by the consumer with the business while the consumer is logged into the
10account as a verifiable consumer request and providing a mechanism for a business
11to authenticate the identity of a consumer who does not maintain an account with
12the business and requests information or submits a direction under this section.
SB851,20,1713 (c) The department of justice shall adjust the monetary threshold amount in
14sub. (1) (c) 1. a. in January of every odd-numbered year by the percentage change
15in the U.S. consumer price index for all urban consumers, U.S. city average, as
16determined by the federal department of labor for the period since the last
17adjustment under this paragraph.
SB851,20,20 18(8) Contracts in violation. A provision in a contract or agreement that
19purports to waive or limit a requirement under this section is void and
20unenforceable.
SB851,20,25 21(9) Private cause of action. (a) 1. A consumer may initiate an action against
22a business to enforce a written statement under subd. 2. and may pursue injunctive
23or declaratory relief, damages in an amount not less than $100 and not more than
24$750 per consumer per incident or actual damages, whichever is greater, or any other
25relief the court deems proper if all of the following apply:
SB851,21,4
1a. The consumer, on an individual or class-wide basis, provides the business
2with written notice identifying that the consumer's nonencrypted or nonredacted
3personal information is subject to an unauthorized access and exfiltration, theft, or
4disclosure as a result of the business's violation of sub. (4) (f).
SB851,21,65 b. The business continues to violate sub. (4) (f) more than 30 days after
6receiving the written notice under subd. 1. a.
SB851,21,107 2. No action may be brought under subd. 1. if within 30 days of receiving a
8written notice under subd. 1. a., a business cures the noticed violation of sub. (4) (f)
9and provides the consumer that provided the written notice with an express written
10statement that the violation has been cured.
SB851,21,1611 3. In assessing the amount of damages under subd. 1., a court shall consider
12the relevant circumstances presented by any of the parties to the case, including the
13nature and seriousness of the misconduct, the number of violations, the persistence
14of the misconduct, the length of time over which the misconduct occurred, the
15willfulness of the defendant's misconduct, and the defendant's assets, liabilities, and
16net worth.
SB851,21,1817 (b) A consumer may initiate an action against a business solely for actual
18pecuniary damages suffered as a result of the business's violation of sub. (4) (f).
SB851,21,19 19(10) Inapplicability. (a) This section does not do any of the following:
SB851,21,2120 1. Restrict a business from complying with federal or state laws or local
21ordinances.
SB851,21,2322 2. Restrict a business from complying with a civil, criminal, or regulatory
23inquiry, investigation, subpoena, or summons by federal, state, or local authorities.
SB851,22,224 3. Restrict a business, service provider, or 3rd party from cooperating with law
25enforcement agencies concerning conduct or activity that the business, service
1provider, or 3rd party reasonably and in good faith believes might violate federal,
2state, or local law.
SB851,22,33 4. Restrict a business from exercising or defending legal claims.
SB851,22,54 5. Restrict the collection, use, retention, sale, or disclosure of consumer
5information that is deidentified or aggregate consumer information.
SB851,22,96 6. Restrict the collection or sale of a consumer's personal information if the
7information is collected while the consumer was outside of this state, no part of any
8sale of the consumer's personal information occurs in this state, and no personal
9information collected from a consumer while the consumer is in this state is sold.
SB851,22,1010 (b) This section does not apply to any of the following:
SB851,22,1211 1. Medical information that is collected by a health care provider or entity and
12covered by federal law.
SB851,22,1513 2. Information collected as part of a clinical trial subject to the Federal Policy
14for the Protection of Human Subjects while following standards developed by
15international organizations of federal agencies.
SB851,22,1916 3. Personal information sold to or from a consumer reporting agency, as defined
17in s. 422.501 (1m), if the information is reported in or used to generate a consumer
18report, as defined in s. 100.54 (1) (b), and the use of the information complies with
19the federal Fair Credit Reporting Act, 15 USC 1681 et seq.
SB851,22,2120 4. Personal information collected, processed, sold, or disclosed pursuant to the
21federal Gramm-Leach-Bliley Act, Public Law 106-102.
SB851,22,2322 5. Personal information collected, processed, sold, or disclosed pursuant to the
23the federal Driver's Privacy Protection Act, 18 USC 2721 et seq.
SB851,23,3 24(11) Violations; penalty. (a) If a series of steps or transactions are component
25parts of a single transaction intended from the beginning to be taken with the
1intention of avoiding the requirements of this section, including the disclosure of
2information by a business to a 3rd party in order to avoid constituting a sale, a court
3shall disregard the intermediate steps or transactions for purposes of this section.
SB851,23,94 (b) The department of justice may, if a business, service provider, or person
5violates this section more than 30 days after receiving notification of the violation
6from the department of justice, commence an action in the name of the state against
7the business, service provider, or other person to recover a forfeiture to the state of
8not more than $2,500 for each violation or a forfeiture of not more than $7,500 for
9each intentional violation.
SB851,2 10Section 2 . Initial applicability.
SB851,23,1211 (1) This act first applies to a contract that is entered into, renewed, or modified
12on the effective date of this subsection.
SB851,3 13Section 3 . Effective date.
SB851,23,1514 (1) This act takes effect on the first day of the 7th month beginning after
15publication.
SB851,23,1616 (End)
Down
Loading...
Loading...