Summary of Original Version

Create new sections of KRS Chapter 367 to define terms; require covered entities to complete Data protection impact assessments before releasing new products or services; require covered entities to make Data protection impact assessments available to the Attorney General upon request; require covered entities to configure default privacy settings for children at a high level of privacy; require covered entities to provide tools for parents and guardians to exercise privacy and report concerns; prohibit covered entities from using a child's personal information in a way that the covered entity knows is likely to result in high risk; prohibit covered entities from unnecessarily profiling children; prohibit covered entities from collecting, retaining, processing, or disclosing personal information of a child in a manner that has been identified as high risk through a Data protection impact assessment; prohibit covered entities from unnecessarily collecting, selling, processing, or retaining a child's precise geolocation data; provide penalties for violations.

Statutes affected:
Introduced: 367.990