GDPR and US States General Privacy Laws Deskbook

Page 6 - GDPR and US States General Privacy Laws Deskbook

P. 6

CONTENTS
Rule 5.09 CONSENT AFTER UNIVERSAL OPT-OUT.............................................................................................................................................. 135
PART 6 DUTIES OF CONTROLLERS. ....................................................................................................................................................................... 135
Rule 6.02 PRIVACY NOTICE PRINCIPLES................................................................................................................................................................. 135
Rule 6.03 PRIVACY NOTICE CONTENT. .................................................................................................................................................................... 136
Rule 6.04 CHANGES TO A PRIVACY NOTICE.......................................................................................................................................................... 137
Rule 6.05 LOYALTY PROGRAMS. ................................................................................................................................................................................. 137
Rule 6.06 PURPOSE SPECIFICATION. ........................................................................................................................................................................ 139
Rule 6.07 DATA MINIMIZATION................................................................................................................................................................................. 139
Rule 6.08 SECONDARY USE......................................................................................................................................................................................... 140
Rule 6.09 DUTY OF CARE............................................................................................................................................................................................. 140
Rule 6.10 DUTY REGARDING SENSITIVE DATA..................................................................................................................................................... 141
Rule 6.11 DOCUMENTATION CONCERNING DUTIES OF CONTROLLERS................................................................................................... 142
PART 7 CONSENT. ........................................................................................................................................................................................................ 142
Rule 7.02 REQUIRED CONSENT................................................................................................................................................................................. 142
Rule 7.03 REQUIREMENTS FOR VALID CONSENT. ............................................................................................................................................... 143
Rule 7.04 REQUESTS FOR CONSENT. ....................................................................................................................................................................... 145
Rule 7.05 CONSENT AFTER OPT-OUT. ..................................................................................................................................................................... 146
Rule 7.06 CONSENT FOR CHILDREN. ....................................................................................................................................................................... 147
Rule 7.07 REFUSING OR WITHDRAWING CONSENT.......................................................................................................................................... 147
Rule 7.08 REFRESHING CONSENT. ............................................................................................................................................................................ 148
Rule 7.09 USER INTERFACE DESIGN, CHOICE ARCHITECTURE, AND DARK PATTERNS......................................................................... 148
PART 8 DATA PROTECTION ASSESSMENTS . ...................................................................................................................................................... 151
Rule 8.02 SCOPE. ............................................................................................................................................................................................................. 151
Rule 8.03 STAKEHOLDER INVOLVEMENT. .............................................................................................................................................................. 151
Rule 8.04 DATA PROTECTION ASSESSMENT CONTENT. .................................................................................................................................... 152
Rule 8.05 TIMING............................................................................................................................................................................................................ 154
Rule 8.06 ATTORNEY GENERAL REQUESTS. ........................................................................................................................................................... 154
PART 9 PROFILING...................................................................................................................................................................................................... 155
Rule 9.01 AUTHORITY AND PURPOSE..................................................................................................................................................................... 155
Rule 9.02 SCOPE. ............................................................................................................................................................................................................ 155
Rule 9.03 PROFILING OPT-OUT TRANSPARENCY................................................................................................................................................ 155
Rule 9.04 OPTING OUT OF PROFILING IN FURTHERANCE OF DECISIONS THAT PRODUCE LEGAL OR SIMILARLY SIGNIFICANT
EFFECTS CONCERNING A CONSUMER. .................................................................................................................................................................. 156
Rule 9.05 CONSENT FOR PROFILING IN FURTHERANCE OF DECISIONS THAT PRODUCE LEGAL OR SIMILARLY SIGNIFICANT
EFFECTS CONCERNING A CONSUMER. .................................................................................................................................................................. 157
Rule 9.06 DATA PROTECTION ASSESSMENTS FOR PROFILING. ...................................................................................................................... 157
PART 10 ENFORCEMENT . ......................................................................................................................................................................................... 159
Rule 10.01 AUTHORITY AND PURPOSE . ................................................................................................................................................................. 159
Rule 10.02 ENFORCEMENT CONSIDERATIONS . .................................................................................................................................................. 159
PART 11 MATERIALS INCORPORATED BY REFERENCE . ................................................................................................................................ 159
Rule 11.01 AUTHORITY AND PURPOSE . ................................................................................................................................................................. 159
Rule 11.02 WEB CONTENT ACCESSIBILITY GUIDELINES . ................................................................................................................................. 159
6 | General Privacy Laws Deskbook: US State Laws and GDPR

4 5 6 7 8