| Last Action | 01/05/23: to Economic Development, Tourism, & Labor (S) |
|---|---|
| Title | AN ACT relating to consumer data privacy. |
| Bill Documents | Introduced |
| Bill Request Number | 2 |
| Sponsors | W. Westerfield, J. Schickel |
| Summary of Original Version | Create new sections of KRS Chapter 367 to define terms; set the parameters for applicability of this Act; define various consumer rights related to data collection; require a data controller to comply with a consumer request to exercise those rights, including confirming whether or not a controller is processing the consumer's data and providing the consumer access to his or her data, deleting his or her personal data, providing a copy of the consumer's data that he or she previously provided in a portable and usable format, opting out of targeted advertising, opting out of tracking, and opting out of the sale or sharing of his or her personal data; require controllers to establish a process for consumers to appeal a controller's refusal to act on a consumer's request to exercise a right; set forth requirements for persons or entities that control or process personal data; require persons who control data to conduct data protection impact assessments; establish that the Attorney General has exclusive authority to enforce, with the exception of a private right of action by which consumers can seek injunctive relief for specific violations if the data controller or processor received an written notice of violation from the Attorney General and failed to cure the violation within 30 days; create a consumer privacy fund in the State Treasury to be administered by the Office of the Attorney General and direct that all civil penalties collected with regard to enforcement actions be deposited in the fund; set forth that this Act supersedes and preempts all rules, regulations, codes, ordinances, and other laws adopted by a city, county, charter county, urban-county government, consolidated local government, unified local government, or local agency regarding the processing of personal data; amend KRS 367.240 to conform; allow the Act to be cited as the Kentucky Consumer Protection Data Act; EFFECTIVE January 1, 2025. |
| Index Headings of Original Version |
Data Processing - Personal data protection, consumer data privacy rights Effective Dates, Delayed - Kentucky Consumer Data Protection Act, effective January 1, 2025 Short Titles and Popular Names - Kentucky Consumer Data Protection Act Trade Practices and Retailing - Personal data protection, consumer data privacy rights Consumer Affairs - Personal data protection, consumer data privacy rights |
| 01/03/23 |
|
|---|---|
| 01/05/23 |
|
Last updated: 1/6/2023 5:32 PM (EST)
To receive notice when the record is updated follow @LRCTweetBot. @LRCTweetBot