Some important privacy news in Colorado. The Colorado Attorney General’s Office issued a first draft of the Rules implementing the Colorado Privacy Act (CPA) on September 30, 2022, as part of its rule-making powers under the Act. The Rules were then officially published in the Colorado Register on October 10, 2022.
👀 Here’s what you need to know about the CPA so far.
– Current landscape in Colorado
– Why the Colorado Privacy act is needed
– CPA opt out rights Universal Mechanisms
– How iubenda can help you comply with the CPA
Colorado data protection law dates back to July 7th, 2021, when Governor Jared Polis signed the Protect Personal Data Privacy | Colorado Privacy Act (CPA) into law. It aims at promoting and protecting individuals’ privacy within Colorado.
The Colorado Privacy Act governs the processing of personal and sensitive data.
Concerning additional protection of data relating to personal privacy, the act:
The Colorado General Assembly states:
THE PEOPLE OF COLORADO REGARD THEIR PRIVACY AS A FUNDAMENTAL RIGHT AND AN ESSENTIAL ELEMENT OF THEIR INDIVIDUAL FREEDOM
👉 Read the legislative declaration
Under the CPA, consumers will have enhanced rights in regard to their personal data. Some of the proposed rights include the right to opt out of:
Residents of Colorado also have the right to access, correct, and delete their personal information, as well as the right to data portability.
💡 Under the CPA, Personal data means:
You are now required to provide your users with a reasonably accessible, clear, and meaningful privacy notice that includes the following:
If your organization sells personal data to third parties or processes personal data for targeted advertising, you must clearly and conspicuously disclose the sale or processing.
Want to know more about the easy ways iubenda can help comply with the CPA? Click here →
If you are processing personal data for targeted advertising, sales, or certain profiling, you are required to provide users with a method for them to exercise their right to opt out.
This must be made available in the privacy notice and, with reference to the processing for targeted advertising and/or sales, in a:
You will have 45 days to respond to any user requests, and you will also have additional responsibilities, including respecting user-selected universal opt outs.
If you are processing personal data for targeted advertising and/or sale, you must allow your users to exercise their right to opt out of such processing through a user-selected universal opt-out mechanism.
💡 Respecting the universal mechanism is not effective until July 1, 2024. Up until this date, you can, but are not required to, honor universal opt-out signals.
Did you know iubenda’s Privacy Controls and Cookie Solution will auto-configure to meet the most stringent US legal standards?
👉 Simply choose the regions where you and your users are located, and the solution will do the rest!
👉 Activate US-specific clauses by clicking “Enable disclosures for users residing in the United States.”
The Colorado Privacy Act goes into effect on July 1, 2023.
Businesses will definitely need to analyze how the obligations of the CPA fit into their compliance plan, along with the current work to comply with the California Privacy Rights Act (CPRA) modifications to the CCPA.
🎯 Did you know? The CPA incorporates large aspects of the Virginia Consumer Data Protection Act (VCDPA). Virginia Consumer Data Protection Act (VCDPA) goes into effect on January 1, 2023, and will affect organizations that do business in Virginia or provide products/services to people in Virginia.
Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.