Md. Code Ann., Com. Law § 14-4805
Duties of entities required to complete data protection impact assessments
Effective Oct 1, 2024Added by Acts 2024, c. 460, § 1, eff. Oct. 1, 2024; Acts 2024, c. 461, § 1, eff. Oct. 1, 2024. Amended by Acts 2024, c. 382, § 5.State of Maryland
- (1) Maintain documentation of the assessment for as long as the online product is likely to be accessed by children;
- (2) Review each data protection impact assessment as necessary to account for material changes to processing pertaining to the online product within 90 days of such material changes;
- (3) Notwithstanding any other law, configure all default privacy settings provided to children by the online product to offer a high level of privacy, unless the covered entity can demonstrate a compelling reason that a different setting is in the best interests of children;
- (4) Provide any privacy information, terms of service, policies, and community standards concisely, prominently, and using clear language suited to the age of children likely to access the online product; and
- (5) Provide prominent, accessible, and responsive tools to help children or their parents or guardians, if applicable, exercise their privacy rights and report concerns.
A covered entity required to complete a data protection impact assessment under § 14-4804 of this subtitle shall:
Added by Acts 2024, c. 460, § 1, eff. Oct. 1, 2024; Acts 2024, c. 461, § 1, eff. Oct. 1, 2024. Amended by Acts 2024, c. 382, § 5.