Colorado General AssemblyToggle Main Menu
Agency NameToggle Agency Menu
SB24-041

Privacy Protections for Children's Online Data

Concerning adding data protections for a minor's online activity.
Session:
2024 Regular Session
Subject:
Financial Services & Commerce
Bill Summary

The bill amends the "Colorado Privacy Act" to add enhanced protections when a minor's data is processed and there is a heightened risk of harm to the minor minors . The bill applies to any entity that controls consumer personal data (controller) and that conducts business in Colorado or delivers products or services that are targeted at Colorado residents, regardless of the volume of or amount of revenue derived from that activity.

A controller that offers an online service, product, or feature to a consumer that the controller knows or willfully disregards is a minor is required to:

  • Use reasonable care to avoid any heightened risk of harm to minors caused by the service, product, or feature; and
  • Conduct, and review as necessary, a data protection assessment for the service, product, or feature if there is a heightened risk of harm to minors and maintain documentation regarding the assessment for a specified period.

Unless the minor or, for a minor who is under 13 years of age, the minor's parent or legal guardian has consented, a controller is prohibited from processing a minor's personal data:

  • For targeted advertising, selling the minor's personal data, or profiling the minor's personal data;
  • For any processing purpose other than the purpose disclosed at the time the minor's personal data is collected or a purpose reasonably necessary for the disclosed processing purpose; or
  • For longer than reasonably necessary to provide the service, product, or feature.

A controller is also prohibited from:

  • Using a system design feature to significantly increase, sustain, or extend a minor's use of the service, product, or feature; or
  • Collecting a minor's precise geolocation, except under specified circumstances.

The attorney general and district attorneys are authorized to enforce the requirements of the bill in the same manner as authorized under the "Colorado Privacy Act", including notifying a controller of, and allowing a controller time to cure, a violation.

(Note: Italicized words indicate new material added to the original summary; dashes through words indicate deletions from the original summary.)


(Note: This summary applies to the reengrossed version of this bill as introduced in the second house.)

Status

Introduced
Under Consideration

Menu

Bill Text

Sponsors

Sponsor Type Legislators
Prime Sponsor

Sen. P. Lundeen, Sen. R. Rodriguez
Rep. L. Frizell, Rep. J. Mabrey

Sponsor

Co-sponsor

Sen. M. Baisley, Sen. J. Bridges, Sen. J. Buckner, Sen. J. Coleman, Sen. L. Cutter, Sen. T. Exum, Sen. S. Fenberg, Sen. R. Fields, Sen. B. Gardner, Sen. J. Ginal, Sen. J. Gonzales, Sen. C. Hansen, Sen. S. Jaquez Lewis, Sen. B. Kirkmeyer, Sen. C. Kolker, Sen. L. Liston, Sen. J. Marchman, Sen. D. Michaelson Jenet, Sen. K. Mullica, Sen. B. Pelton, Sen. K. Priola, Sen. D. Roberts, Sen. J. Smallwood, Sen. P. Will

Upcoming Schedule

Colorado legislature email addresses ending in @state.co.us are no longer active. Please replace @state.co.us with @coleg.gov for Colorado legislature email addresses. Details

The effective date for bills enacted without a safety clause is August 7, 2024, if the General Assembly adjourns sine die on May 8, 2024, unless otherwise specified. Details