Colorado Privacy Act - Profiling & ADM Provisions
In effect since July 1, 2024
Overview
Grants Colorado consumers the right to opt out of profiling in furtherance of automated decisions that produce legal or significant effects.
This is a privacy law with automated decision-making provisions.
Who this applies to
This regulation applies to companies that use or deploy AI tools and systems built by other vendors. If your company uses AI-powered products in the areas listed below, this regulation may apply to you.
AI categories covered
- Consumer-facing AI
- Automated decision-making
- Algorithmic profiling
Specific AI use cases:
- Customer profiling and segmentation
- Credit scoring and risk assessment
- Dynamic and algorithmic pricing
What this requires you to do
Consumer opt-out required
Provide an opt-out mechanism. Consumers must be able to opt out of automated decision-making.
Profiling disclosure required
Disclose profiling activities. Inform consumers when you use their data for profiling purposes.
ADM impact assessment required
Conduct an ADM impact assessment. Evaluate how your automated decision-making affects consumers.
Enforcement and penalties
Up to $20,000 per violation. Enforced by Colorado AG.
Source
Read the full text
https://coag.gov/resources/colorado-privacy-act/
Always verify current language and amendments at the official source.
Other Colorado regulations
Explore more rules in the same jurisdiction that may apply to your AI systems.
Want to know what else applies to your company?
Run a free XIRA scan to see all regulations that match your states and AI tools.