268 | Nebraska Data Privacy Act
Section 1.
Sections 1 to 30 of this act shall be known and may be cited as the Data Privacy Act.
Sec. 2.
For purposes of the Data Privacy Act:
(1)  Affiliate means a legal entity that controls, is controlled by, or is under common control with another legal entity or shares
common branding with another legal entity. For purposes of this subdivision, control or controlled means:
(a)  The ownership of, or power to vote, more than fifty percent of the outstanding shares of any class of voting security of
a company;
(b)  The control in any manner over the election of a majority of the directors or of individuals exercising similar functions;
or
(c) The power to exercise controlling influence over the management of a company;
(2) Authenticate means to verify through reasonable means that the consumer who is entitled to exercise the consumer’s
rights under sections 7 to 11 of this act, or a person on behalf of such consumer, is the same consumer exercising those
consumer rights with respect to the personal data at issue;
(3)(a)  Biometric data means data that is generated to identify a specific individual through an automatic measurement of a
biological characteristic of such individual and includes any:
(i) Fingerprint;
(ii) Voice print;
(iii) Retina image;
(iv) Iris image; or
(v) Unique biological pattern or characteristic.
(b) Biometric data does not include:
(i)  Except when generated to identify a specific individual, any physical or digital photograph, video or audio recording,
or data generated from a physical or digital photograph; or
(ii)  Information collected, used, or stored for health care treatment, payment, or operations under the Health Insurance
Portability and Accountability Act;
(4) Business associate has the meaning assigned to the term by the Health Insurance Portability and Accountability Act;
(5) Child means an individual younger than thirteen years of age;
(6)(a)  Consent means, when referring to a consumer, a clear and affirmative act signifying a consumer’s freely given, specific,
informed, and unambiguous agreement to process personal data relating to the consumer, including a statement written
by electronic means or any other unambiguous affirmative action by the consumer.
(b) Consent, when referring to a consumer, does not include:
(i)  Acceptance of a general or broad term of use or similar document that contains a description of personal data
processing along with other, unrelated information;