FPF Files Comments on Colorado Privacy Act Pre-Rulemaking Activity
July 12, 2022
Today, the Future of Privacy Forum (FPF) filed comments with the Colorado Department of Law regarding forthcoming rulemaking under the Colorado Privacy Act (CPA). The CPA, which goes into effect in July 2023, will establish important new data privacy rights, controls, and protections for individuals in Colorado.
FPF’s comments are directed toward ensuring that forthcoming regulations support the effective exercise of new privacy rights, maximize clarity for business and nonprofit compliance efforts, and promote interoperability with emerging U.S. and global privacy frameworks where appropriate, particularly where the CPA uses consistent language as other jurisdictions.
Specifically, FPF recommends that forthcoming CPA regulations should:
- Clarify the approval and role of universal opt-out mechanisms in the context of today’s labyrinth of existing permission frameworks, including in non-authenticated interactions and their application to off-site data.
- Ensure that the CPA’s high standard for obtaining valid consumer consent is realized in practice by providing that consent must be freely revocable and establishing limits on inappropriate “bundling” of consent for disparate processing purposes.
- Provide appropriate guidance, flexibility, and interoperability for conducting meaningful data protection impact assessments, informed by best practices developed by regulators in both U.S. and global jurisdictions with comparable requirements.
- Establish that a broad range of ‘profiling’ decisions are subject to consumer opt-out rights and follow best practices for automated decision-making transparency so that Coloradans are fully empowered to exercise their rights.
- Adopt a definition of “biometric data” that protects individual privacy interests by limiting invasive and non-consensual tracking and identification.
Published: Last Updated: March 6, 2023
What to Expect from the Review of Australia’s Privacy Act
Shining a Light on the Florida Digital Bill of Rights
New FPF Report: Unlocking Data Protection by Design and by Default: Lessons from the Enforcement of Article 25 GDPR
Vietnam’s Personal Data Protection Decree: Overview, Key Takeaways, and Context
Analysis of a Decade of Israeli Judicial Decisions Related to Data Protection (2012-2022)
A New Paradigm for Consumer Health Data Privacy in Washington State
FPF Announces Recipients of the Third Annual Award for Research Data Stewardship
FPF at the 2023 IAPP Global Privacy Summit
Tenn. Makes Nine? ‘Tennessee Information Protection Act’ Set to Become Newest Comprehensive State Privacy Law
The ‘Montana Consumer Data Privacy Act’ Reminds us that Privacy is Bipartisan
Posts by Keir
Tenn. Makes Nine? ‘Tennessee Information Protection Act’ Set to Become Newest Comprehensive State Privacy LawRead More