Code of Colorado Regulations
900 - Department of Law
904 - Attorney General-Consumer Protection Section
4 CCR 904-3 - Colorado Privacy Act Rules
Part 4 - CONSUMER PERSONAL DATA RIGHTS
Section 4 CCR 904-3-4.03 - RIGHT TO OPT OUT
Universal Citation: 900 CO Code Regs 4 CCR 904-3-4.03
Current through Register Vol. 47, No. 17, September 10, 2024
A. A Controller shall comply with an opt-out request by:
1.
Ceasing to Process the Consumer's Personal Data for the Opt-Out Purpose(s) as
soon as feasibly possible and without undue delay from the date the Controller
receives the request, taking into account the size and complexity of the
Controller's businesses and burden of operationalizing the opt-out.
a. If a Controller does not know the identity
of a Consumer submitting an online opt-out request, such that the Controller is
unable to opt the Consumer out of the Processing of offline or other connected
Personal Data, the Controller may request the additional information necessary
to do so subject to 4 CCR 904-3, Rules 4.08 and
5.05.
b. If a Consumer submits a
request to exercise more than one Data Right and a Controller is able to
complete the opt-out request in a more timely manner than other Data Rights
requests, the Controller should complete the opt-out request prior to any other
Data Rights request.
2.
Maintaining a record of the opt-out request and response, in compliance with
4 CCR 904-3, Rule 6.11.
3. Using agreed upon technical,
organizational or other measures or processes to instruct its Processors,
pursuant to C.R.S. §
6-1-1305(2)(a), to
stop Processing the Personal Data as needed to effectuate the Consumer's
opt-out request.
B. To enable a Consumer to exercise the right to opt out of the Opt-Out Purposes provided in C.R.S. § 6-1-1306(1)(a)(I), a Controller must provide the disclosures required by C.R.S. § 6-1-1308(1)(b).
1. A Controller that Sells Personal Data or
Processes Personal Data for Targeted Advertising must also provide a clear and
conspicuous method for Consumers to exercise the right to opt out of the
Processing of Personal Data for each or all of the Opt-Out Purposes, as
applicable.
a. The clear, conspicuous method
must be provided either directly or through a link, in a clear, conspicuous,
and readily accessible location outside the privacy notice.
2. A Controller Processing
Personal Data for Profiling in furtherance of a decision that results in the
provision or denial of financial or lending services, housing, insurance,
education enrollment or opportunity, criminal justice, employment
opportunities, health-care services, or access to essential goods or services,
as subject to the opt-out right provided at C.R.S. §
6-1-1306(1)(a)(I),
shall provide a clear and conspicuous method for Consumers to exercise the
right to opt out of Processing Personal Data for such Profiling at or before
the time such Processing occurs.
3.
Any clear and conspicuous method for Consumers to exercise the right to opt out
of Processing for the Opt-Out Purposes, provided pursuant to this section, must
comply with the requirements of
4 CCR 904-3, Rule
4.02 . If a link is used, it
must take a Consumer directly to the opt-out method and the link text must
provide a clear understanding of its purpose, for example "Colorado Opt-Out
Rights," "Personal Data Use Opt-Out," "Your Opt-Out Rights," "Your Privacy
Choices," or "Your Colorado Privacy Choices."
C. An Authorized Agent may exercise a Consumer's opt-out right on behalf of the Consumer, so long as the Controller is able to, with commercially reasonable effort, Authenticate the identity of the Consumer and the Authorized Agent's authority to act on the Consumer's behalf.
D. A Controller may collect the Consumer's Personal Data necessary to effectuate the Consumer's opt-out right, pursuant to 4 CCR 904-3, Rule 4.02(D).
Disclaimer: These regulations may not be the most recent version. Colorado may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.
