United States of America: Colorado Privacy Act comes into effect
Compare with different regulatory event:
Description
Colorado Privacy Act comes into effect
The Colorado Privacy Act will go into effect on 1 July 2023, and will apply to organisations that do business with or manufacture products and services for Colorado residents. Additionally, it will apply to companies who control or process the data of 100.000 customers each year, or generate money from the sale of personal data and control or process the data of 25.000 customers per year. Controllers and processors will be subject to certain requirements under the Act, including written contracts, privacy notice requirements, and data protection assessments
Original sourceScope
Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
subnational
Government Branch
executive
Government Body
central government
Complete timeline of this policy change
Hide details
2021-03-19
under deliberation
2021-06-25
adopted
2021-07-07
adopted
Key regulatory dimensions
Regulated subjects
The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type
Private organisation
Economic activity
cross-cutting
Category
All
Policy change by business practice
The detailed activities within the scope of this policy or regulatory change.
personal data (all forms): data collection
Regulatory tool
User right to withdraw consent
User right to access personal data
User right to deletion of personal data
User right to rectification of personal data
User notification requirement
Corporate right to cure
Sanctions
Determined by existing law or regulation
Regulated subjects
1
personal data (all forms): storage (any form)
Regulatory tool
User right to withdraw consent
User right to access personal data
User right to deletion of personal data
User right to rectification of personal data
User notification requirement
Corporate right to cure
Sanctions
Determined by existing law or regulation
Regulated subjects
1
personal data (all forms): sale
Regulatory tool
User notification requirement
User right to information about third-parties, with which data has been shared
Corporate right to cure
User right to portability of personal data
Sanctions
Determined by existing law or regulation
Regulated subjects
1
personal data (all forms): data processing
Regulatory tool
User consent: Permit user opt-out
User notification requirement
User right to information about third-parties, with which data has been shared
Corporate right to cure
Sanctions
Determined by existing law or regulation
Regulated subjects
1
advertisement: behavioural targeting: marketing (any form)
Regulatory tool
Risk or other impact assessment requirement
User notification requirement
User right to information about third-parties, with which data has been shared
Corporate right to cure
Sanctions
Determined by existing law or regulation
Regulated subjects
1