January 25, 2022

Volume XII, Number 25

Advertisement
Advertisement

January 24, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

Under the Colorado Privacy Act, Will Companies be Required to Offer Consumers the Ability to Opt Out of Behavioral Advertising if They have Already Received Opt-In Consent?

The Colorado Privacy Act, which is scheduled to go into effect in 2023, states that a consumer “has the right to opt out of the processing of personal data” for the purposes of “targeted advertising.”1 Unlike other state statutes, such as the CPRA, the Colorado Privacy Act does not contain an exemption for situations where a consumer has opted into the sharing of personal information in the first instance. As a result, even if a business has obtained the opt-in consent of a consumer for the use of targeted advertising technology (e.g., through an opt-in cookie banner), the business is still required to permit the consumer to select, at any time, to opt out of the further sharing of their personal information for the purposes of targeted advertising.

While obtaining opt-in consent does not release a business from its obligation to provide an opt-out mechanism, the Colorado statute envisions opt-in consent as displacing, or taking precedence over, any opt-out preference signals that are automatically broadcast from the consumer’s computer, device, or browser.2 Nonetheless, even when an opt-in consent displaces an opt-out preference signal, the Colorado statute makes clear that consumers must still be given the ability to “revoke the consent as easily as it is affirmatively provided.”3 The net result is that regardless of whether opt-in consent is obtained from a Colorado consumer, a company must, under the Colorado Privacy Act, provide the consumer with some form of opt-out mechanism to stop sharing data for the purposes of targeted advertising.


1 C.R.S. 6-1-1306(1)(a)(I)(A) (2021).

2 C.R.S. 6-1-1306(1)(a)(IV)(C) (2021).

3 C.R.S. 6-1-1306(1)(a)(IV)(C) (2021).

©2022 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XI, Number 308
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

David A. Zetoony Privacy Attorney Greenberg Traurig
Shareholder

David Zetoony, Co-Chair of the firm's U.S. Data, Privacy and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cyber security laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he has defended corporate privacy and security practices in investigations initiated by the Federal Trade Commission, and other data privacy and security regulatory agencies around the world, as well as in class action litigation. 

David receives regular recognitions from clients and peers for...

303.685.7425
Advertisement
Advertisement
Advertisement