The Colorado Privacy Act allows residents to opt out of data collection and gain access to more insight about how their information is collected and used.
Source: Route Fifty | Kate Elizabeth Queram, Senior Reporter | JULY 13, 2021
Colorado residents will be able to opt out of online data collection and gain greater transparency into how that data will be used under legislation signed into law this month.
The bill, signed by Gov. Jared Polis on July 7, gives residents the right to opt out of data collection; “access, correct or delete” the data, or obtain a portable copy of the collected information. The legislation also requires companies to clearly communicate what data they collect, what they do with it, and how long they store it.
The bill applies only to commercial businesses that process the personal data of at least 100,000 consumers each year or make money, or receive discounts by selling or controlling data from at least 25,000 consumers. It also provides exceptions for certain companies, including financial and consumer reporting institutions and airlines.
Violations of the policy are considered “deceptive trade practices” under the state’s Consumer Protection Act, each punishable with a $20,000 fine. Enforcement authority will be granted to both the state attorney general and district attorneys, with the state office also in charge of rule-making. Companies will initially have 60 days to correct violations before being fined, a provision that ends two years after the bill takes effect in July 2023.
“This bill protects consumers' personal data by ensuring a reasonable and straightforward way for consumers to opt out of data collection for targeted advertising and data sale,” Rep. Monica Duran, a Democrat and one of the bill’s co-sponsors, said on Twitter. “This bill also honors businesses' ability to continue to use data and current practices such as targeted advertising under new and improved guidelines. It also creates a universal opt-out option that will be available in a few years.”
The legislation passed with bipartisan support in both the state Senate (34-0) and House (57-7) but encountered resistance from some business groups, who worried about the cost of complying with the policy.
That complaint is a common refrain for state-level policies—considered by at least 30 states and Puerto Rico in 2020—which differ in scope and detail. The patchwork of laws creates what opponents say is a regulatory minefield that can be difficult—and expensive—to comply with and understand. A national policy, enacted by Congress, would make more sense, said Carl Holshouser, senior vice president of TechNet, a bipartisan advocacy group of technology CEOs.
“This approach would create a patchwork of laws across the country that are bad for consumers and bad for business,” Holshouser said in a statement. “It leaves consumers confused and unprotected, depending on where they live, and hurts small and medium-sized companies who don’t have the time, money, or resources to comply with 50 different state privacy regimes that would expose them to constant legal battles that could drive them out of business.”
In March, U.S. Rep. Suzan DelBene, a Democrat from Washington, introduced a bill to create a national policy, but the legislation never came to a vote or a committee hearing.
Colorado is the fourth state…