In the fourteenth episode of our Legislating Data Privacy podcast series, we talk with Colorado Attorney General Phil Weiser.

Over the next year, the Colorado Attorney General’s office will play a significant role in the development of state privacy law through Colorado Privacy Act (CPA) rulemaking.

The CPA charges the office with promulgating regulations on two mandatory topics and one permissive topic:

  1. By July 1, 2023, the office must issue “technical specifications for one or more universal opt-out mechanisms that clearly communicate a consumer’s affirmative, freely given, and unambiguous choice to opt out of the processing of personal data for purposes of targeted advertising or the sale of personal data.”
  2. By January 1, 2025, the office must “adopt rules that govern the process of issuing opinion letters and interpretive guidance to develop an operational framework for business that includes a good faith reliance defense of an action that may otherwise constitute a violation of” the CPA.
  3. The CPA grants the office permissive authority to “promulgate rules for the purpose of carrying out” the CPA.

In April, the office published Pre-Rulemaking Considerations for the Colorado Privacy Act in which it solicited informal input on eight topics, including the universal opt-out mechanism, consent, dark patterns, profiling, and data protection assessments. The office is currently accepting comments and engaging in an outreach strategy to talk with stakeholders.

During this podcast episode, Attorney General Weiser provides an overview of the rulemaking process and what we can expect to see in the coming months. Among other topics, he also discusses his philosophical approach to rulemaking, the team he has put in place to draft the regulations, and his thoughts on interoperability between the CPA and other state privacy laws.

Click here or below to listen to the full interview.