On 1 July 2023, the Act Concerning Online Privacy, Data and Safety Protections (SB 3/Act 23-56) entered into force. Under the Act, businesses are required to protect consumer health data by imposing several measures. In particular, only relevant employees and processors to whom the user has given consent may access the health data, and the processing may only be constrained to a specific purpose or service that the consumer has requested. In addition, geofencing to track and identify health data is prohibited. The Act also revises disclosure requirements relating to warrants directed to providers of electronic communication services and remote computing services. Data processors are required to enter into a binding contract with the business that specifically outlines the processor's tasks. The Act also contains provisions for minor data, specifying that a social media platform is required to delete a social media account of a minor if such a request is received from the minor (or the minor's guardians if they are younger than sixteen years of age) and cease processing the personal data associated with the account. As for workplace obligations, employers are required to disclose any knowledge it has of any sexual harassment or sexual assault committed in the workplace.
Original source