Summary

The GDPA requires a governmental entity to prominently post a website privacy notice on the homepage of their government website. The website privacy notice must describe:

• the identity of the governmental entity responsible for the website and how to contact them;
• how an individual may:

• seek access to their personal data or user data;
• request to correct or amend their personal data or user data; and
• contact the Data Privacy Ombuds; and

• how an at-risk employee may request their personal information be classified as private.

If a government website uses website tracking technology to collect user data, the website privacy notice must also describe:

• any website tracking technology used;
• what user data is collected;
• the intended purposes and uses of the user data; 
• the classes of persons and governmental entities:

• with whom the governmental entity shares user data; or
• to whom the governmental entity sells user data; and
• the record series in which the user data is included.

A governmental entity may not collect user data collected by a government website unless the governmental entity has complied with these requirements.