The obligations imposed on a controller or a processor under this article do not prohibit or restrict a controller or processor from collecting, using, or retaining data to do the following:
- (1) Conduct internal research to develop, improve, or repair products, services, or technology.
- (2) Effectuate a product recall.
- (3) Identify and repair technical errors that impair existing or intended functionality.
(4) Perform internal operations that are:
- (A) reasonably compatible with the expectations of the consumer;
- (B) reasonably anticipated based on the consumer's existing relationship with the controller; or
(C) otherwise compatible with:
- (i) processing data in furtherance of the provision of a product or service specifically requested by a consumer, or the parent of a child; or
- (ii) the performance of a contract to which the consumer is a party.
As added by P.L.94-2023, SEC.1.