Tell the FTC: Stop TikTok, Facebook and other companies from selling our personal data
The Colorado Privacy Act gives you some control over how businesses collect, use, and share your personal data.
Take Action
On July 1st 2023, Colorado’s new privacy law went into effect. On July 1st of 2024, the second part of the law – the Global Privacy Control that will make it easier to opt-out of data collection – will also go into effect.
The Colorado Privacy Act is a consumer privacy law designed to help protect some of your personal information if you live in Colorado. It gives you some more control over how businesses collect, use, and sell your data.
The Colorado Privacy Act (CPA) earns a C+ grade on our recent scorecard report – co-authored with the Electronic Privacy Information Center (EPIC) – for how well it actually protects consumers.
Colorado’s privacy law puts a lot of work on you if you want to stop companies from collecting and selling your data. It’d be better if instead companies were limited to what data they can collect on you and what they can do with it in the first place.
The Colorado Privacy Act grants you several rights regarding your personal information:
Most of these rights are difficult to exercise. To access, correct or delete your data, you have to submit requests one at a time to individual companies. Fully exercising the rights Colorado’s privacy law gives you would be like taking on a part-time job. There are likely hundreds of third parties holding your information right now.
However, Starting on July 1st, 2024, protecting your personal data will get easier. Instead of having to contact every website individually to opt out of your data being sold or used for targeted advertising, you’ll be able to do it automatically by downloading what’s called global opt-out mechanism.
A universal opt-out mechanism is a piece of technology that helps you automatically opt-out of data collection online. Once you’ve downloaded the tool, the mechanism will broadcast to every site you visit that you don’t want your data collected or sold. That way you don’t have to individually contact every website you visit to opt out.
You will, however, need to do a bit of work to get the tool working.
The Global Privacy Control is a type of universal opt-out mechanism. Once you download the plug-in on your browser, the Global Privacy Control sends a signal to every website you visit that you don’t want your data to be collected and sold. This way, instead of manually opting out of data collection for every website, the universal opt-out mechanism will automatically do it for you, all the time.
The Colorado Privacy Act required the Colorado Attorney General to select a universal opt-out tool websites must heed. On January 1st, 2024, the Colorado AG’s office announced it had selected the Global Privacy Control as its first approved universal opt-out tool.
To automatically opt-out of data collection on websites while using your Chrome browser, you need to download a special browser extension. You have a couple of options.
To automatically opt-out of data collection on websites in Safari, you need to download a special browser extension. Apple currently doesn’t allow our favorite tool – Privacy Badger – in Safari, but there is another option you can use.
To automatically opt-out of data collection on websites in Edge you’ll need to download a special browser extension. You have a couple of options:
Firefox is the only major browser that has a GPC signal built into it automatically, so you don’t have to download any special tools. But you do have to go turn it on.
The CPA gives you some rights to ask companies to delete your data and the ability to use a browser tool to automatically opt-out of websites’ data collection. It sounds nice, but really it puts the onus on you to become a data privacy expert in order to protect yourself. Even if you exercised all your rights perfectly, it still wouldn’t be enough to keep your information secure.
The best thing for consumers is to change how companies can collect and use data in the first place. It should be on companies to limit their data collection to only the data they need to deliver the service you’re expecting to get up front. There’s no good reason for your fast food loyalty app to be collecting your location 24/7 or your VR game app to be collecting your social security number.
Companies should also be limited to only using the data they collect for what the consumer is expecting. There’s no good reason for your health app to turn around and sell your prescription information to advertisers or your child’s internet-enabled stuffed animal to be sending transcripts of your child’s conversations to third parties.
This is a big deal. The more data that companies collect, and the more companies they sell it to, the more likely it is that your personal information is going to be exposed in a breach or a hack and end up in the wrong hands. This makes it more likely you’ll be the victim of identity theft, financial fraud and hyper-targeted scams.
It’s absurd we haven’t stopped companies treating our data like a commodity. States can lead the way in amending the laws they’ve already passed to do more to protect consumers.
If you want to ensure that your data is as protected as possible, there are other steps you can take besides relying on your Connecticut data rights. We’ve got more simple ways you can boost your data security here.
See below for even more tips to put you more in control of your information online.
Learn more
Did you know that health apps like fitness trackers are allowed to share and even sell your private health information -- totally legally? Take action to put a stop to this practice and protect our data.
TAKE ACTION
Danny has been the director of CoPIRG for over a decade. Danny co-authored a groundbreaking report on the state’s transit, walking and biking needs and is a co-author of the annual “State of Recycling” report. He also helped write a 2016 Denver initiative to create a public matching campaign finance program and led the early effort to eliminate predatory payday loans in Colorado. Danny serves on the Colorado Department of Transportation's (CDOT) Efficiency and Accountability Committee, CDOT's Transit and Rail Advisory Committee, RTD's Reimagine Advisory Committee, the Denver Moves Everyone Think Tank, and the I-70 Collaborative Effort. Danny lobbies federal, state and local elected officials on transportation electrification, multimodal transportation, zero waste, consumer protection and public health issues. He appears frequently in local media outlets and is active in a number of coalitions. He resides in Denver with his family, where he enjoys biking and skiing, the neighborhood food scene and raising chickens.