The TLDR Act would require covered entities that operate commercial websites or online services to publish a short-form terms of service summary on their site, include a graphic data flow diagram, and present full terms in an interactive data format. It also directs the Federal Trade Commission to finalize a rule within 360 days that defines what must appear in the summary and how it should be presented.
The bill makes clear that this does not create new contractual obligations, but it does establish new disclosure and formatting requirements designed to improve user understanding of how data is processed and shared.
If enacted, the law would place the onus on large online platforms to make data processing clearer—covering categories of sensitive information, the purposes for data use, and user rights—while giving states a role in enforcement. The rulemaking and the emphasis on accessibility, machine readability, and interactive formats aim to standardize disclosures across services, potentially raising compliance costs but improving transparency for millions of users.
At a Glance
What It Does
Requires a short-form TOS summary at the top of the terms page, a graphic data flow diagram beneath it, and an interactive data format tagging system for full terms. The Commission will establish the precise content and formatting in a rule.
Who It Affects
Covers entities that operate commercial websites or online services; small businesses defined as such by the Small Business Act are exempt from coverage.
Why It Matters
Sets a standardized, accessible disclosure framework for how sensitive information is collected, used, and shared, increasing transparency and enabling better consumer choice.
What This Bill Actually Does
The TLDR Act mandates that a covered entity publish a concise, user-friendly summary of its terms of service at the top of the TOS page. This summary must be accessible to people with disabilities and low literacy, be machine readable, and be accompanied by a graphic data flow diagram showing how user data—including sensitive information—is shared with subsidiaries, affiliates, and third parties.
The full terms must be available in an interactive data format, with portions tagged for easy navigation and analysis. The summary must cover (1) categories of sensitive information processed, (2) what data is needed for basic service functioning versus additional features, (3) a plain-language summary of legal liabilities and user rights transferred to the entity, (4) historical versions and change logs, (5) deletion options if provided, (6) a history of data breaches in the prior three years, (7) an estimate of the effort required to read the full terms, and (8) any other information the Commission deems necessary.
The Commission is charged with issuing a rule within 360 days that defines the exact content and placement guidelines and with providing guidance on the graphic data flow diagrams. A separate rule will require tagging of TOS content in the interactive format.
The Act also clarifies that these disclosures do not create new contractual obligations and assigns enforcement to the FTC and, in applicable cases, state attorneys general. Definitions cover who is a “covered entity,” what constitutes “sensitive information,” and what qualifies as an “interactive data format.”
The Five Things You Need to Know
- The bill defines a ‘covered entity’ as any commercial website or online service, excluding small businesses.
- The Commission must issue a rule within 360 days requiring a short-form TOS summary, a graphic data flow diagram, and an interactive data format for full terms.
- The short-form summary must cover sensitive information categories, purposes of processing, and user rights and liabilities.
- The summary must appear at the top of the TOS page and the data flow diagram immediately below it.
- Enforcement is through the FTC, with state attorneys general able to sue for violations.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short Title
This act may be cited as the Terms-of-service Labeling, Design, and Readability Act (TLDR Act). It establishes the overarching purpose of creating standardized, readable disclosures for terms of service and related data-sharing practices.
Deadline for Rulemaking
Within 360 days of enactment, the Commission must issue a rule under 5 U.S.C. 553 establishing the precise content, format, and placement of the short-form TOS summary and the graphic data flow diagram for covered entities.
No New Contractual Obligation
The requirement to display the short-form summary does not create any new contractual obligation between a user and a covered entity. The mandate is limited to disclosure and presentation formats.
Requirements for the Short-Form TOS Summary
The summary must be accessible to individuals with low literacy and disabilities, machine readable, and capable of accommodating different interfaces. It must be placed at the top of the TOS page; the accompanying graphic data flow diagram sits directly beneath it. The content must cover broad categories of sensitive information, what is needed for core service functioning versus advanced features, and a plain-language note on liabilities and rights transferred.
Graphic Data Flow Diagram Guidance
Within 360 days, the Commission must publish guidelines showing how sensitive information is shared with subsidiaries, affiliates, and third parties. The guidance should illustrate typical data-sharing pathways and the roles of various entities in processing data.
Interactive Data Format Tagging
The Commission will issue a rule requiring portions of the TOS to be tagged using an interactive data format (e.g., XML) to enable structured navigation and programmatic access to key terms, obligations, and data flows.
Enforcement
Enforcement mirrors FTC Act authorities. The FTC can pursue unfair or deceptive acts or practices; states’ attorneys general can bring civil actions on behalf of residents, with notice and coordination provisions, and venue rules aligned with federal practice.
Definitions
Key terms are defined to establish the bill's scope: ‘Commission’ means the FTC; ‘covered entity’ means a commercial website or online service, excluding certain small businesses; ‘sensitive information’ includes health data, biometrics, precise geolocation, and other specified categories; ‘interactive data format’ denotes standardized, taggable data formats; and other terms such as ‘process,’ ‘moral rights,’ and ‘third party’ are defined for clarity.
Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Individuals with disabilities benefit from accessible, machine-readable summaries designed for low-literacy users and those relying on assistive technology.
- Low-literacy users gain from a concise, easy-to-navigate summary that explains what data is collected and how it’s used.
- General online service users benefit from greater transparency about data flows and the risks/rights associated with their information.
- Compliance teams at covered entities gain a clearer standard and centralized guidance for implementing TOS disclosures, potentially reducing ambiguity.
- State attorneys general and the FTC gain a clearer framework to enforce data-sharing disclosures and ensure consistency across jurisdictions.
Who Bears the Cost
- Covered entities bear the costs of redesigning TOS pages, generating the short-form statements, building or integrating graphic data flow diagrams, and tagging content in an interactive format.
- Engineering and product teams must implement accessibility features, machine-readability, and format changes across interfaces and devices.
- Legal and compliance teams incur ongoing work to maintain up-to-date summaries, change logs, and breach disclosures in line with evolving rules.
- Third-party data handlers and processors may incur costs to align data-sharing disclosures with the new format and ensure consistency with the interactive data tagging.
- Some costs may be passed to consumers indirectly through service design changes or pricing considerations in response to compliance burdens.
Key Issues
The Core Tension
Balancing robust, universal transparency with the practical costs and technical complexity of implementing accessible, machine-readable TOS disclosures across a wide range of platforms and data-sharing arrangements.
The TLDR Act lays out a forward-looking framework that aims to standardize how terms of service are presented and understood. While the intent is consumer protection and transparency, the breadth of “sensitive information” and the requirement for accessible, machine-readable, and interactive formats could impose substantial compliance costs on large platforms.
The Act defers many specifics to FTC rulemaking, which creates a transition period where entities must prepare for upcoming standards. Questions remain about how the interactive data format will be implemented across diverse devices and whether some small platforms will face disproportionate burdens despite the coverage limitation.
The interaction with existing state privacy laws and industry-specific disclosures will also require careful coordination.