Digital Policy Alert logo

United States of America: Colorado Privacy Act comes into effect

Policy overview

Description

Colorado Privacy Act comes into effect

The Colorado Privacy Act will go into effect on 1 July 2023, and will apply to organisations that do business with or manufacture products and services for Colorado residents. Additionally, it will apply to companies who control or process the data …

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
subnational
Government Branch
executive
Government Body
central government

Complete timeline of this policy change

Hide details
2021-03-19
under deliberation

Colorado Senate Bill 21-190 ("Act Concerning additional protection of data relating to personal pri…

2021-06-25
adopted

The Colorado Senate Bill 21-190 ("Act Concerning additional protection of data relating to personal…

2021-07-07
adopted

The Colorado Senate Bill 21-190 ("Act Concerning additional protection of data relating to personal…

2023-07-01
in force

The Colorado Privacy Act will go into effect on 1 July 2023, and will apply to organisations that d…

Key regulatory dimensions

Regulated subjects

The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type Private organisation
Economic activity cross-cutting
Category All

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.
personal data (all forms): data collection
Regulatory tool
User right to withdraw consent
User right to access personal data
User right to deletion of personal data
User right to rectification of personal data
User notification requirement
Corporate right to cure
Sanctions
Determined by existing law or regulation
Regulated subjects
1
personal data (all forms): storage (any form)
Regulatory tool
User right to withdraw consent
User right to access personal data
User right to deletion of personal data
User right to rectification of personal data
User notification requirement
Corporate right to cure
Sanctions
Determined by existing law or regulation
Regulated subjects
1
personal data (all forms): sale
Regulatory tool
User notification requirement
User right to information about third-parties, with which data has been shared
Corporate right to cure
User right to portability of personal data
Sanctions
Determined by existing law or regulation
Regulated subjects
1
personal data (all forms): data processing
Regulatory tool
User consent: Permit user opt-out
User notification requirement
User right to information about third-parties, with which data has been shared
Corporate right to cure
Sanctions
Determined by existing law or regulation
Regulated subjects
1
advertisement: behavioural targeting: marketing (any form)
Regulatory tool
Risk or other impact assessment requirement
User notification requirement
User right to information about third-parties, with which data has been shared
Corporate right to cure
Sanctions
Determined by existing law or regulation
Regulated subjects
1

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.

personal data (all forms): data collection

personal data (all forms): storage (any form)

personal data (all forms): sale

personal data (all forms): data processing

advertisement: behavioural targeting: marketing (any form)