Colorado CPA
Colorado Privacy Act
Colorado, USA
In force since 2023
United States
Who must comply
Controllers that process data of 100,000+ Colorado consumers, or 25,000+ while deriving revenue from selling data.
Penalties
Enforced by the Colorado AG and district attorneys, with penalties under the state's consumer protection statute.
Key obligations
- Honor a universal opt-out mechanism
- Offer opt-out of targeted ads, sale and profiling
- Opt-in consent for sensitive data
- Clear privacy notice
- Consumer rights handling
How ConsentX helps
Universal opt-out mechanism support
Targeted-ads and sale opt-out
Sensitive-data opt-in gating
DSAR workflow
Get Colorado CPA ready with ConsentX
This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.
How to comply with Colorado CPA using ConsentX
- 1
Scan your website
Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Colorado CPA.
- 2
Show a geo-aware consent banner
Add the ConsentX banner. It detects each visitor region and shows the consent experience that Colorado CPA requires, automatically.
- 3
Block trackers until consent
Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.
- 4
Record tamper-evident proof
Every choice is stored as a tamper-evident consent receipt you can produce in a Colorado CPA audit.
- 5
Handle data requests on time
Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.
Frequently asked questions
Does Colorado require a universal opt-out mechanism?+
Yes. Controllers must recognize a universal opt-out signal such as Global Privacy Control.
Is consent needed for sensitive data in Colorado?+
Yes, processing sensitive data requires opt-in consent under the Colorado Privacy Act.