FPF Provides Input on Draft Colorado Privacy Act Regulations

On September 30th, The Colorado Department of Law released draft regulations to implement the Colorado Privacy Act. The Future of Privacy Forum (FPF) filed written comments in response to the proposed rules on November 7th. Furthermore, FPF’s Keir Lamont and Felicity Slater participated in public stakeholder sessions hosted by the Colorado Attorney General’s Office as part of its regulatory process held on November 10th and November 17th.

FPF’s comments identified and provided recommendations to address areas of potential ambiguity in the draft regulations. Specifically, FPF’s contributions encouraged the Department of Law to:

1. Provide additional clarity for the exercise of consumer rights through Universal Opt-Out Mechanisms (UOOMs), including standards for residency authentication and the procedures by which “opt-out lists” may function as UOOMs.
2. Resolve apparent inconsistencies in the draft regulations for the use of on-by-default UOOMs.
3. Clarify the intended scope of restrictions on “Dark Patterns” in consumer interfaces.
4. Assess the scope and intended effect of the regulations’ novel definitions for “biometric data” and “biometric identifiers.”
5. Align the protections of children’s privacy and relevant definitions with the Children’s Online Privacy Protection Act (COPPA).

The comment docket for the Colorado Privacy Act draft regulations remains open. Interested parties also have an opportunity to participate in a rulemaking hearing scheduled for February 1, 2023.