Like the well-known California Consumer Privacy Act, the Colorado Privacy Act (CPA), which goes into effect on July 1, 2024, will provide Colorado residents with express rights over their data collected by businesses. The CPA requires businesses to provide consumers with an option to opt out of the sale of their personal information, or the sharing of their personal information for targeted advertising purposes, using a Universal Opt-Out Mechanism (UOOM). Last week, the Colorado Department of Law (the Department) issued a list of UOOMs that will be enforced in the state. This list is part of the CPA Rule’s requirement that the Attorney General “maintain a public list of [UOOMs] that have been recognized to meet the standards of” the Rule. The list was released on January 1, 2024, but may be updated periodically according to the Rule.

The list below includes the UOOMs that the Department considers valid under the CPA. The UOOMs on this list are recognized as long as the UOOM or any authorized implementations meet the requirements of C.R.S. § 6-1-1313 and 4 CCR 904-3, Part 5.

Valid UOOMs:

| Universal Opt-Out Mechanism | Technical Specification | Additional Information |
| --- | --- | --- |
| Global Privacy Control (GPC) | Privacy CG | Website: Global Privacy Control; Global Privacy Control Implementation Guide |

This list does not exclude additional UOOMs from meeting the CPA’s requirements. The list simply represents UOOMs that the Department will prioritize for enforcement. If the list is updated, the Department will accept new applications and seek public comment.

Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.