Consumer rights
→ Right to access: The right for a consumer to access from a business/data controller the information or categories of information collected about a consumer, the information or categories of information shared with third parties, or the specific third parties or categories of third parties to which the information was shared; or, some combination of similar information.
→ Right to correct: The right for a consumer to request that incorrect or outdated personal information be corrected but not deleted.
→ Right to delete: The right for a consumer to request deletion of personal information about the consumer under certain conditions.
→ Right to opt out of certain processing: The right for a consumer to restrict a business’s ability to process personal information about the consumer.
→ Right to portability: The right for a consumer to request personal information about the consumer be disclosed in a common file format.
→ Right to opt out of sales: The right for a consumer to opt out of the sale of personal information about the consumer to third parties.
→ Right to opt in for sensitive data processing: The right for a consumer to opt in before a business can process their sensitive data.
→ Right against automated decision-making: A prohibition against a business making decisions about a consumer based solely on an automated process without human input.
→ Private right of action: The right for a consumer to seek civil damages from a business for violations of a statute.
Business obligations
→ Opt-in default (requirement age): A restriction placed on a business to treat consumers under a certain age with an opt-in default for the sale of their personal information.
→ Notice/transparency requirement: An obligation placed on a business to provide notice to consumers about certain data practices, privacy operations, and/or privacy programs.
→ Risk assessments: An obligation placed on a business to conduct formal risk assessments of privacy and/or security projects or procedures.
→ Prohibition on discrimination (exercising rights): A prohibition against a business treating a consumer who exercises a consumer right differently than a consumer who does not exercise a right.
→ Purpose/processing limitation: An EU General Data Protection Regulation–style restrictive structure that prohibits the collection/processing of personal information except for a specific purpose.
This is from their "chart" PDF
https://m.stacker.news/18146
https://iapp.org/media/pdf/resource_center/State_Comp_Privacy_Law_Chart.pdf