Page 5 - GDPR and US States General Privacy Laws Deskbook
P. 5
CONTENTS
ARTICLE 9. INVESTIGATIONS AND ENFORCEMENT . ...................................................................................................................................... 101
11 C.C.R. § 7300. Sworn Complaints Filed with the Agency. ................................................................................................................................. 101
11 C.C.R. § 7301. Investigations. .................................................................................................................................................................................. 102
11 C.C.R. § 7302. Probable Cause Proceedings. ....................................................................................................................................................... 102
11 C.C.R. § 7303. Stipulated Orders. ........................................................................................................................................................................... 103
11 C.C.R. § 7304. Agency Audits.................................................................................................................................................................................. 103
Colorado Privacy Act .................................................................................................................................................................................. 104
6-1-1301. Short title. The “Colorado Privacy Act”. . ................................................................................................................................................. 105
6-1-1302. Legislative declaration. . .............................................................................................................................................................................. 105
6-1-1303. Definitions. . ................................................................................................................................................................................................... 106
6-1-1304. Applicability of part. . ................................................................................................................................................................................... 109
6-1-1305. Responsibility according to role. .............................................................................................................................................................. 112
6-1-1306. Consumer personal data rights - repeal. ................................................................................................................................................ 113
6-1-1307. Processing de-identified data. .................................................................................................................................................................. 115
6-1-1308. Duties of controllers. .................................................................................................................................................................................. 116
6-1-1309. Data protection assessments - attorney general access and evaluation - definition. . ................................................................. 117
6-1-1310. Liability. . ......................................................................................................................................................................................................... 118
6-1-1311. Enforcement - penalties - repeal. . ............................................................................................................................................................ 118
6-1-1312. Preemption - local governments. . ............................................................................................................................................................ 118
6-1-1313. Rules - opt-out mechanism. ...................................................................................................................................................................... 119
Colorado Privacy Act Rules . ...................................................................................................................................................................... 120
PART 1 GENERAL APPLICABILITY.......................................................................................................................................................................... 121
Rule 1.01 BASIS, SPECIFIC STATUTORY AUTHORITY, AND PURPOSE. ........................................................................................................... 121
PART 2 DEFINITIONS. ................................................................................................................................................................................................. 121
Rule 2.01 AUTHORITY AND PURPOSE..................................................................................................................................................................... 121
Rule 2.02 DEFINED TERMS.......................................................................................................................................................................................... 121
PART 3 CONSUMER DISCLOSURES ...................................................................................................................................................................... 124
Rule 3.02 REQUIREMENTS FOR DISCLOSURES, NOTIFICATIONS, AND OTHER COMMUNICATIONS TO CONSUMERS. ............. 124
PART 4 CONSUMER PERSONAL DATA RIGHTS . ................................................................................................................................................ 125
Rule 4.02 SUBMITTING REQUESTS TO EXERCISE PERSONAL DATA RIGHTS.............................................................................................. 125
Rule 4.03 RIGHT TO OPT OUT. .................................................................................................................................................................................... 126
Rule 4.04 RIGHT OF ACCESS. ....................................................................................................................................................................................... 127
Rule 4.05 RIGHT TO CORRECTION. ........................................................................................................................................................................... 127
Rule 4.06 RIGHT TO DELETION.................................................................................................................................................................................. 128
Rule 4.07 RIGHT TO DATA PORTABILITY................................................................................................................................................................. 129
Rule 4.08 AUTHENTICATION. ...................................................................................................................................................................................... 129
Rule 4.09 RESPONDING TO CONSUMER REQUESTS.......................................................................................................................................... 130
PART 5 UNIVERSAL OPT-OUT MECHANISM ..................................................................................................................................................... 131
Rule 5.02 RIGHTS EXERCISED. .................................................................................................................................................................................... 131
Rule 5.03 NOTICE AND CHOICE FOR UNIVERSAL OPT-OUT MECHANISMS.............................................................................................. 131
Rule 5.04 DEFAULT SETTINGS FOR UNIVERSAL OPT-OUT MECHANISMS. .................................................................................................. 132
Rule 5.05 PERSONAL DATA USE LIMITATIONS...................................................................................................................................................... 132
Rule 5.06 TECHNICAL SPECIFICATION. .................................................................................................................................................................... 133
Rule 5.07 SYSTEM FOR RECOGNIZING UNIVERSAL OPT-OUT MECHANISMS........................................................................................... 133
Rule 5.08 OBLIGATIONS ON CONTROLLERS......................................................................................................................................................... 134
5 | General Privacy Laws Deskbook: US State Laws and GDPR
