Colorado Privacy Act

Colorado Privacy Act, in force 1 Jul 2023 — follows the Virginia template and was the first state to mandate UOOM honour (1 Jul 2024; GPC on the AG-designated list). SB 24-205 (Aug 2024) added neural data to sensitive scope. Civil penalties up to $20,000/violation — highest among comprehensive state laws. Colorado AG active in 2024-2026 ad-tech and SDK investigations.

Composition

14 controls currently indexed; participates in 8 cross-framework synthesis clusters.

Participates in synthesis

Each cluster listed below combines this framework's controls with operationally equivalent controls from other frameworks, resolving the overlap into a single audit-defensible specification.

• Automated Decision-Making Technology — pre-use notice, opt-out, access rights
• Children's privacy across US states — heightened protections
• Cross-jurisdiction consumer / Data Principal rights — operational fabric
• GDPR data subject rights — Articles 12-22 operational implementation
• PII principal rights — comprehensive ISO 27701-anchored programme
• Processor / service provider contract requirements across jurisdictions
• Sensitive personal information — heightened protection across jurisdictions
• Universal Opt-Out Mechanism (UOOM) / Global Privacy Control honour across US states