What the Colorado Privacy Act Means for You

How to exercise your rights under the Colorado Privacy Act

The Colorado Privacy Act gives you some control over how businesses collect, use, and share your personal data.

Consumer alerts

Explainer


Updated

Tero Vesalainen | Shutterstock.com

Take Action

On July 1st 2023, Colorado’s new privacy law went into effect. On July 1st of 2024, the second part of the law – the Global Privacy Control that will make it easier to opt-out of data collection – will also go into effect.

What is the Colorado Privacy Act?

The Colorado Privacy Act is a consumer privacy law designed to help protect some of your personal information if you live in Colorado. It gives you some more control over how businesses collect, use, and sell your data. 

What does the Colorado Privacy Act mean for consumers?

The Colorado Privacy Act grants you several important rights regarding your personal information: 

  • Right to Access: You can request a copy of the personal information businesses have collected about you. 
  • Right to Correction: You can correct inaccuracies in the personal data that businesses have collected about you.
  • Right to Deletion: You can ask businesses to delete your personal information altogether.
  • Right to Opt Out: You can opt out of businesses selling your personal information and targeted advertising.

Starting July 1st, 2024, Colorado residents will also be able to automatically stop websites from collecting new personal data by downloading the Global Privacy Control.

What is the Global Privacy Control and how do I get it?

Starting on July 1st, 2024, protecting your personal data will get easier. Instead of having to contact every website individually to opt out of your data being sold or used for targeted advertising, you’ll be able to do it automatically by downloading the Global Privacy Control

The Global Privacy Control is a type of universal opt-out mechanism. Once you download the plug-in on your browser, the Global Privacy Control sends a signal to every website you visit that you don’t want your data to be collected and sold. This way, instead of manually opting out of data collection for every website, the universal opt-out mechanism will automatically do it for you, all the time.

If you are a Colorado resident, you can download the Global Privacy Control for your browser. Beginning on July 1st, the websites you visit will legally have to abide by the signal and stop collecting unnecessary amounts of your data. 

The Colorado Privacy Act required the Colorado Attorney General to select a universal opt-out tool websites must heed. On January 1st, 2024, the Colorado AG’s office announced it had selected the Global Privacy Control as its first approved universal opt-out tool.

How do I exercise my privacy rights?

The first thing you can do is download the Global Privacy Control, which we outline above. 

To exercise your other core rights – accessing, correcting or deleting the data a company has already collected on you, or opting out of the company selling your data – you can submit a request directly to the business. Companies must tell you how to send a request in their privacy policy. But thankfully you don’t have to read an entire privacy policy to find what you need.

Where can I find instructions for exercising my rights in a privacy policy?

When looking at a privacy policy, search for a section titled “Your Privacy Rights,” “Your Rights and Choices,” or something similar. Use ctrl+f for the term “privacy”, “rights”, or “opt” to find this information more quickly. In this section, the business should give you instructions for how to access, correct, or delete your personal data. 

Why does the Colorado Privacy Act matter?

Your personal information is very valuable, not only to you but also to companies that harvest your data and sell it to the highest bidder. Without any regulation, websites and companies can gather lots of information from your online habits such as your location and search history.

Web companies often sell your personal data to data brokers that specialize bundling all your information into a profile and selling it to widely to other actors. The more companies that hold your data, the more likely it will be exposed in a breach or a hack, which can lead to identity theft or damage to your credit score. 

Data brokers also contribute a lot of data to the problematic targeted advertising system. With highly detailed information about you, companies can show you targeted ads that run from the annoying to the downright predatory

The Colorado Privacy Act empowers you to take more control of your personal information. You can better protect your privacy by understanding your rights.

The Colorado Privacy Act should be stronger

The Colorado Privacy Act (CPA) takes several important steps towards protecting consumer’s data privacy. But it doesn’t do as good a job as it should. 

For instance, the CPA puts the burden of stopping companies from collecting your data on you. You shouldn’t have to go to the trouble of figuring out how to exercise your rights yourself. Instead, lawmakers should ban companies from collecting unnecessary data or selling it to other entities in the first place. Companies should be legally required to follow a standard called data minimization. This means only collecting the data that is necessary for delivering the service the you the consumer are expecting to get, and using it only for that purpose. No extra data collection, no weird secondary uses, and no sales to shadowy companies. In the future, lawmakers should consider this approach.

Also, the CPA doesn’t allow consumers to take companies to court directly for violating their rights. Only the Colorado Attorney General and district attorneys can take action against a company. It’d be a stronger consumer law if we as users could hold companies accountable in the courts directly. 

Hopefully, the Colorado Privacy Act will only be the start and Colorado will continue to pass laws that better protect consumer privacy.

In the meantime, it’s a good idea to make use of the rights granted to you under the Colorado Privacy Act and download the Global Privacy Control in time for July 1st.

Topics
Authors

Danny Katz

Executive Director, CoPIRG

Danny has been the director of CoPIRG for over a decade. Danny co-authored a groundbreaking report on the state’s transit, walking and biking needs and is a co-author of the annual “State of Recycling” report. He also helped write a 2016 Denver initiative to create a public matching campaign finance program and led the early effort to eliminate predatory payday loans in Colorado. Danny serves on the Colorado Department of Transportation's (CDOT) Efficiency and Accountability Committee, CDOT's Transit and Rail Advisory Committee, RTD's Reimagine Advisory Committee, the Denver Moves Everyone Think Tank, and the I-70 Collaborative Effort. Danny lobbies federal, state and local elected officials on transportation electrification, multimodal transportation, zero waste, consumer protection and public health issues. He appears frequently in local media outlets and is active in a number of coalitions. He resides in Denver with his family, where he enjoys biking and skiing, the neighborhood food scene and raising chickens.

Find Out More