What you need to know about the Colorado Privacy Act
The new law will give consumers more control over their data. A computer-security expert weighs in on what to expect.
The Colorado Privacy Act, first signed into law by Gov. Jared Polis on July 7, 2021, will go into effect July 1.
Businesses or entities that target more than 100,000 Colorado residents or profit from the sale of personal information of 25,000 or more residents a year will now have to receive consent from consumers on the storage and use of their personal data.
Colorado is the third state to pass comprehensive data-privacy legislation, trailing behind Virginia and California and soon to be followed by Utah and Connecticut. More states are expected to adopt similar laws as data-privacy concerns continue to arise.
So what does this mean for consumers, and what should they expect? Metropolitan State University of Denver’s Edgar Maldonado, Ph.D., associate professor in the Computer Information Systems and Business Analytics Department, details why Colorado residents should care about the use of their personal information.
What will the Colorado Privacy Act look like for consumers come July 1?
When visiting websites, consumers should expect a clear notice of the personal data that the business is collecting, its purposes and whom they’re sharing the data with. It’ll be similar to the cookies pop-up that you see on all the websites you visit, where it asks you to accept or decline. Taking it a step further, businesses will also need to let users know whether they are selling the data to third parties, likely for advertising, and give them the option to opt out. They must also allow the user to correct or delete the data.
The problem is that most people don’t pay attention to the specific data that a website or an app is collecting and they just click “accept.”
Why should consumers choose to opt out? Why should they care whether their personal data is being shared?
I’m talking broadly here, but the main point is that we’re still learning about data privacy as a society and what can be done with the data that’s being collected, and we are unsure how far this can go. The problem is that if you collect enough information, you can start loosely identifying individuals. The data can forecast or have a sense of a person’s overall activity or characteristics. People should know who has access to this data and whom it’s being sold to, to protect their privacy — you don’t want data to be used against you.
RELATED: Should you be worried about TikTok?
The European Union is leading the way as far as data protection and regulation. The U.S. still has ways to go, but the simplest approach is state by state since each region has different ideologies and demographics.
What steps can consumers take to protect their personal data?
My first piece of advice is for consumers to take the time to read the notices once they start seeing them on websites. The Colorado Privacy Act gives them a bit more control since it allows them to opt out of their data being sold to advertisers. It’ll also allow them to see what personal information is being stored by organizations and decide whether they’d like to delete or update certain information. The goal is for consumers to establish boundaries.
I’d also recommend an audit of all apps on your phone and the specific settings of the information that it’s collecting. Just think about all the sources that are collecting data on you. We’re often sharing more information than we realize. Try to keep the amount of information you provide to the minimum needed in order to receive the service. A good rule of thumb is to behave online with the same vigilance and awareness that you would behave with in real life.