0 sats \ 1 reply \ @kr 29 Feb \ on: US State Privacy Legislation charts_and_numbers
is there a good TL;DR on what constitutes a “comprehensive privacy bill”?
This is from their "chart" PDF
Consumer rights
→ Right to access: The right for a consumer to
access from a business/data controller the
information or categories of information collected
about a consumer, the information or categories
of information shared with third parties, or the
specific third parties or categories of third parties
to which the information was shared; or, some
combination of similar information.
→ Right to correct: The right for a consumer to
request that incorrect or outdated personal
information be corrected but not deleted.
→ Right to delete: The right for a consumer to
request deletion of personal information about
the consumer under certain conditions.
→ Right to opt out of certain processing: The right for
a consumer to restrict a business’s ability to process
personal information about the consumer.
→ Right to portability: The right for a consumer
to request personal information about the
consumer be disclosed in a common file format.
→ Right to opt out of sales: The right for a
consumer to opt out of the sale of personal
information about the consumer to third parties.
→ Right to opt in for sensitive data processing: The
right for a consumer to opt in before a business
can process their sensitive data.
→ Right against automated decision-making: A
prohibition against a business making decisions
about a consumer based solely on an automated
process without human input.
→ Private right of action: The right for a consumer
to seek civil damages from a business for
violations of a statute.
Business obligations
→ Opt-in default (requirement age): A restriction
placed on a business to treat consumers under a
certain age with an opt-in default for the sale of
their personal information.
→ Notice/transparency requirement: An obligation
placed on a business to provide notice to
consumers about certain data practices, privacy
operations, and/or privacy programs.
→ Risk assessments: An obligation placed on a
business to conduct formal risk assessments of
privacy and/or security projects or procedures.
→ Prohibition on discrimination (exercising
rights): A prohibition against a business treating
a consumer who exercises a consumer right
differently than a consumer who does not
exercise a right.
→ Purpose/processing limitation: An EU General
Data Protection Regulation–style restrictive
structure that prohibits the collection/
processing of personal information except
for a specific purpose.
reply