CPA is Colorado Privacy Act was signed into law on March 24, 2022. It is a privacy law similar to US CCPA.
The “sale of personal information” is defined as “the exchange of personal data for monetary or other valuable consideration by a controller to a third party.
The controller has 60 days to cure the violation. a noncompliant entity may be fined up to $20,000 per violation.
Opt-out model: like the other state-level laws adopted in the US to date, in most cases data controllers do not need to get consumers’ consent before collecting their personal information.
Controllers are likewise prohibited from processing 'sensitive data' without consent. Consent must be “freely given, specific, informed, and unambiguous.”
Absent consent, the CPA dictates a controller shall not process personal data for “purposes that are not reasonably necessary to or compatible with the specified purposes for which the personal data are processed.”
Compare different US State Privacy Laws
Use a consent management platform like UniConsent to offer consumers full control of data collection, opt-out features, manage the preferences communication.