Privacy Protections for Children's Online Data
| Type | Bill |
|---|---|
| Session | 2024 Regular Session |
| Subjects |
Concerning adding data protections for a minor's online activity.
Bill Summary:
Effective October 1. 2025, the act amends the "Colorado Privacy Act" to add enhanced protections when a minor's data is processed and there is a heightened risk of harm to minors. The act applies to any entity that controls consumer personal data (controller) and that conducts business in Colorado or delivers products or services that are targeted at Colorado residents, regardless of the volume of or amount of revenue derived from that activity.
A controller that offers an online service, product, or feature to a consumer who the controller knows or willfully disregards is a minor is required to:
- Use reasonable care to avoid any heightened risk of harm to minors caused by the service, product, or feature; and
- Conduct, and review as necessary, a data protection assessment for the service, product, or feature if there is a heightened risk of harm to minors and maintain documentation regarding the assessment for a specified period.
Unless the minor or, for a minor who is under 13 years of age, the minor's parent or legal guardian has consented, a controller is prohibited from processing a minor's personal data:
- For targeted advertising, selling the minor's personal data, or profiling in furtherance of decisions that produce legal or similarly significant consequences;
- For any processing purpose other than the purpose disclosed at the time the minor's personal data is collected or a purpose reasonably necessary for the disclosed processing purpose; or
- For longer than reasonably necessary to provide the service, product, or feature.
Absent consent, a controller is also prohibited from:
- Using a system design feature to significantly increase, sustain, or extend a minor's use of the service, product, or feature; or
- Collecting a minor's precise geolocation, except under specified circumstances.
Neither a controller nor a processor that processes personal data for a controller is required to implement an age verification or age-gating system or otherwise affirmatively verify the age of consumers, and a controller that conducts commercially reasonable age estimation is not liable for an erroneous age estimation.
The attorney general and district attorneys are authorized to enforce the requirements of the act in the same manner as authorized under the "Colorado Privacy Act", including notifying a controller of, and allowing a controller time to cure, a violation.
APPROVED by Governor May 31, 2024
EFFECTIVE October 1, 2025
(Note: This summary applies to this bill as enacted.)
Related Documents & Information
| Activity | Vote | Documents |
|---|---|---|
| Adopt amendment L.005 | The motion passed without objection. | Vote summary |
| Refer Senate Bill 24-041, as amended, to the Committee of the Whole. | The motion passed on a vote of 11-0. | Vote summary |
| Activity | Vote | Documents |
|---|---|---|
| Adopt amendment L.001 | The motion passed without objection. | Vote summary |
| Adopt amendment L.002 | The motion passed without objection. | Vote summary |
| Refer Senate Bill 24-041, as amended, to the Committee of the Whole. | The motion passed on a vote of 7-0. | Vote summary |
| Date | Calendar | Motion | Vote | Vote Document |
|---|---|---|---|---|
| 05/06/2024 | House Amendments | REPASS |
34
AYE
0
NO
1
OTHER
|
Vote record |
| 05/06/2024 | House Amendments | CONCUR |
34
AYE
0
NO
1
OTHER
|
Vote record |
| 04/23/2024 | Third Reading | BILL |
33
AYE
0
NO
2
OTHER
|
Vote record |
| Date | Calendar | Motion | Vote | Vote Document |
|---|---|---|---|---|
| 05/05/2024 | Third Reading | BILL |
61
AYE
0
NO
4
OTHER
|
Vote record |
| Date | Location | Action |
|---|---|---|
| 05/31/2024 | Governor | Governor Signed |
| 05/15/2024 | Governor | Sent to the Governor |
| 05/14/2024 | House | Signed by the Speaker of the House |
| 05/14/2024 | Senate | Signed by the President of the Senate |
| 05/06/2024 | Senate | Senate Considered House Amendments - Result was to Concur - Repass |
| 05/05/2024 | House | House Third Reading Passed - No Amendments |
| 05/04/2024 | House | House Second Reading Special Order - Passed with Amendments - Committee |
| 05/03/2024 | House | House Second Reading Laid Over Daily - No Amendments |
| 05/01/2024 | House | House Committee on Business Affairs & Labor Refer Amended to House Committee of the Whole |
| 04/23/2024 | House | Introduced In House - Assigned to Business Affairs & Labor |
| 04/23/2024 | Senate | Senate Third Reading Passed - No Amendments |
| 04/22/2024 | Senate | Senate Second Reading Passed with Amendments - Committee, Floor |
| 04/19/2024 | Senate | Senate Second Reading Laid Over to 04/22/2024 - No Amendments |
| 04/16/2024 | Senate | Senate Committee on Business, Labor, & Technology Refer Amended to Senate Committee of the Whole |
| 01/10/2024 | Senate | Introduced In Senate - Assigned to Business, Labor, & Technology |
Prime Sponsor
Sponsor
Co-Sponsor
| Effective Date | Chapter # | Title | Documents |
|---|---|---|---|
| 10/01/2025 | 296 | Privacy Protections for Children's Online Data |