GDPR and US States General Privacy Laws Deskbook

Page 9 - GDPR and US States General Privacy Laws Deskbook

P. 9

CONTENTS
24-15-10-3 Notice requirement and opportunity to cure violations . ................................................................................................................. 210
24-15-10-4 Lack of private right of action ............................................................................................................................................................... 210
24-15-11-1 Preemption of local laws ........................................................................................................................................................................ 210
24-15-11-2 Inclusion of accompanying rules . .......................................................................................................................................................... 210
Iowa Relating To Consumer Data Protection, Providing Civil Penalties, and Including Effective Date Provisions ............ 211
Sec. 1. NEW SECTION. 715D.1 Definitions. ............................................................................................................................................................ 212
Sec. 2. NEW SECTION. 715D.2 Scope and exemptions. . ...................................................................................................................................... 215
Sec. 3. NEW SECTION. 715D.3 Consumer data rights. ......................................................................................................................................... 216
Sec. 4. NEW SECTION. 715D.4 Data controller duties. ........................................................................................................................................ 217
Sec. 5. NEW SECTION. 715D.5 Processor duties. .................................................................................................................................................. 218
Sec. 6. NEW SECTION. 715D.6 Processing data — exemptions. . ........................................................................................................................ 218
Sec. 7. NEW SECTION. 715D.7 Limitations. ............................................................................................................................................................ 219
Sec. 8. NEW SECTION. 715D.8 Enforcement — penalties. . .................................................................................................................................. 221
Sec. 9. NEW SECTION. 715D.9 Preemption. . .......................................................................................................................................................... 221
Sec. 10. EFFECTIVE DATE. This Act takes effect January 1, 2025.. ..................................................................................................................... 221
Kentucky Consumer Data Protection Act.............................................................................................................................................. 222
367.3611 Definitions for KRS 367.3611 to 367.3629. (Effective January 1, 2026) . ..................................................................................... 223
367.3613 Application -- Limitations -- Information and data exemptions -- Compliance with federal children’s online privacy laws.
(Effective January 1, 2026) . ........................................................................................................................................................................................... 226
367.3615 Consumer rights request -- Controller compliance -- Requirements -- Appeal process. (Effective January 1, 2026) . .......... 228
367.3617 Limitations on the collection and use of personal data by a controller -- Waiver of consumer rights contrary to public policy
-- Privacy notice -- Notice for sale of personal data to third party -- Process for consumers to exercise consumer rights requirement.
(Effective January 1, 2026) . ........................................................................................................................................................................................... 229
367.3619 Data processing responsibilities to controller -- Contract requirements between controller and processor. (Effective January
1, 2026) ........................................................................................................................................................................................................................... 230
367.3621 Data protection impact assessment -- Requirements -- Disclosure to Attorney General -- Confidentiality and exceptions --
Application. (Effective January 1, 2026) ................................................................................................................................................................... 231
367.3623 De-identifiable data requirements -- Construction -- Limitation of consumer rights on pseudonymous data -- Controller
oversight of de-identifiable or pseudonymous data. (Effective January 1, 2026) ............................................................................................ 232
367.3625 Construction of KRS 367.3611 to 367.3629 -- Uses of data by controller or processor -- Application of evidentiary privilege
-- Disclosure of data to third-party controller -- Limitations on processing of personal data -- Burden of proof. (Effective January 1,
2026) . ................................................................................................................................................................................................................................ 233
367.3627 Enforcement authority of Attorney General -- Written notice of violation -- Civil action -- Damages -- Recovery of expenses.
(Effective January 1, 2026) . ........................................................................................................................................................................................... 234
Florida Technology Transparency ............................................................................................................................................................ 236
Section 4.. ........................................................................................................................................................................................................................ 237
501.701 Short title.. ....................................................................................................................................................................................................... 237
Section 5.. ........................................................................................................................................................................................................................ 237
501.702 Definitions.. ..................................................................................................................................................................................................... 237
Section 6.. ........................................................................................................................................................................................................................ 241
501.703 Applicability.................................................................................................................................................................................................... 241
Section 7.. ........................................................................................................................................................................................................................ 241
501.704 Exemptions..................................................................................................................................................................................................... 241
Section 8.. ........................................................................................................................................................................................................................ 243
9 | General Privacy Laws Deskbook: US State Laws and GDPR

7 8 9 10 11