GDPR and US States General Privacy Laws Deskbook

Page 5 - GDPR and US States General Privacy Laws Deskbook

P. 5

5 | General Privacy Laws Deskbook: US State Laws and GDPR
Colorado Privacy Act .................................................................................................................................................................................. 103
6-1-1301. Short title. The “Colorado Privacy Act”. . ................................................................................................................................................. 104
6-1-1302. Legislative declaration. . .............................................................................................................................................................................. 104
6-1-1303. Definitions. . ................................................................................................................................................................................................... 105
6-1-1304. Applicability of part. . ................................................................................................................................................................................... 108
6-1-1305. Responsibility according to role. .............................................................................................................................................................. 111
6-1-1306. Consumer personal data rights - repeal. ................................................................................................................................................ 112
6-1-1307. Processing de-identified data. .................................................................................................................................................................. 114
6-1-1308. Duties of controllers. .................................................................................................................................................................................. 115
6-1-1309. Data protection assessments - attorney general access and evaluation - definition. . ................................................................. 116
6-1-1310. Liability. . ......................................................................................................................................................................................................... 117
6-1-1311. Enforcement - penalties - repeal. . ............................................................................................................................................................ 117
6-1-1312. Preemption - local governments. . ............................................................................................................................................................ 117
6-1-1313. Rules - opt-out mechanism. ...................................................................................................................................................................... 118
Colorado Privacy Act Rules . ...................................................................................................................................................................... 119
PART 1 GENERAL APPLICABILITY.......................................................................................................................................................................... 120
Rule 1.01 BASIS, SPECIFIC STATUTORY AUTHORITY, AND PURPOSE. ........................................................................................................... 120
PART 2 DEFINITIONS. ................................................................................................................................................................................................. 120
Rule 2.01 AUTHORITY AND PURPOSE..................................................................................................................................................................... 120
Rule 2.02 DEFINED TERMS.......................................................................................................................................................................................... 120
PART 3 CONSUMER DISCLOSURES ......................................................................................................................................................................... 123
Rule 3.02 REQUIREMENTS FOR DISCLOSURES, NOTIFICATIONS, AND OTHER COMMUNICATIONS TO CONSUMERS. ............. 123
PART 4 CONSUMER PERSONAL DATA RIGHTS . ................................................................................................................................................ 124
Rule 4.02 SUBMITTING REQUESTS TO EXERCISE PERSONAL DATA RIGHTS.............................................................................................. 124
Rule 4.03 RIGHT TO OPT OUT. .................................................................................................................................................................................... 125
Rule 4.04 RIGHT OF ACCESS. ....................................................................................................................................................................................... 126
Rule 4.05 RIGHT TO CORRECTION. ........................................................................................................................................................................... 126
Rule 4.06 RIGHT TO DELETION.................................................................................................................................................................................. 127
Rule 4.07 RIGHT TO DATA PORTABILITY................................................................................................................................................................. 128
Rule 4.08 AUTHENTICATION. ...................................................................................................................................................................................... 128
Rule 4.09 RESPONDING TO CONSUMER REQUESTS.......................................................................................................................................... 129
PART 5 UNIVERSAL OPT-OUT MECHANISM ..................................................................................................................................................... 130
Rule 5.02 RIGHTS EXERCISED. .................................................................................................................................................................................... 130
Rule 5.03 NOTICE AND CHOICE FOR UNIVERSAL OPT-OUT MECHANISMS.............................................................................................. 130
Rule 5.04 DEFAULT SETTINGS FOR UNIVERSAL OPT-OUT MECHANISMS. .................................................................................................. 131
Rule 5.05 PERSONAL DATA USE LIMITATIONS...................................................................................................................................................... 131
Rule 5.06 TECHNICAL SPECIFICATION. .................................................................................................................................................................... 132
Rule 5.07 SYSTEM FOR RECOGNIZING UNIVERSAL OPT-OUT MECHANISMS........................................................................................... 132
Rule 5.08 OBLIGATIONS ON CONTROLLERS......................................................................................................................................................... 133
Rule 5.09 CONSENT AFTER UNIVERSAL OPT-OUT.............................................................................................................................................. 134
PART 6 DUTIES OF CONTROLLERS. ....................................................................................................................................................................... 134
Rule 6.02 PRIVACY NOTICE PRINCIPLES................................................................................................................................................................. 134
Rule 6.03 PRIVACY NOTICE CONTENT. .................................................................................................................................................................... 135
CONTENTS

3 4 5 6 7