A covered entity required to complete a data protection impact assessment under § 14-4804 of this subtitle shall: (1) Maintain documentation of the assessment for as long as the online product is likely to be accessed by children; (2) Review each data protection impact assessment as necessary to account for material changes to processing pertaining to the online product within 90 days of such material changes; (3) Notwithstanding any other law, configure all default privacy settings provided to children by the online product to offer a high level of privacy, unless the covered entity can demonstrate a compelling reason that a different setting is in the best interests of children; (4) Provide any privacy information, terms of service, policies, and community standards concisely, prominently, and using clear language suited to the age of children likely to access the online product; and (5) Provide prominent, accessible, and responsive tools to help children or their parents or guardians, if applicable, exercise their privacy rights and report concerns.
‹ Prev All Maryland sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.