Colorado's New Universal Opt-Out Mechanism: What Your Business Needs to Know
Attention Colorado Businesses! As of July 1, 2024, the Colorado Privacy Act (CPA) requires businesses covered by the law to offer a new way for consumers to control their data: the Universal Opt-Out Mechanism (UOOM). This consumer-centric update aligns with the CPA Rules and the CPA's goals of transparency and empowers Colorado residents with more control over their personal information. This blog post will guide you through what your business needs to know to comply with the UOOM and maintain consumer trust in the digital age.
Talk to one of our experts today so your business can meet the deadline and sail past it smoothly! Learn More →
What is a Universal Opt-Out Mechanism?
A universal opt-out mechanism (UOOM) allows consumers to easily opt-out of data processing activities, such as targeted advertising and the sale of personal data. Instead of making individual requests to each business, consumers can use a single setting or tool—like a browser extension—to signal their privacy preferences across all businesses.
On November 21, 2023, the Colorado Attorney General published a shortlist of Universal Opt-Out Mechanisms (UOOMs) that were being considered. Applications were accepted for the establishment of this list, and the three best options were published, with public feedback expected until December 14, 2023, after which Global Privacy Control (GPC) was chosen as the finalist.
What is Global Privacy Control (GPC)?
The Global Privacy Control application was submitted on behalf of several privacy-focused organizations, including Consumer Reports and DuckDuckGo, and notable individuals like Robin Berjon and Sebastian Zimmeck. Here's how it works:
- Functionality: GPC is a browser-level privacy signal that allows Internet users to notify businesses of their preference not to have their data sold, shared, or used for cross-context behavioral advertising. Users can activate GPC by toggling a browser privacy setting or installing a browser extension.
- Implementation: When GPC is enabled, the browser or extension automatically sends a signal to each website the user visits, indicating their preference. This signal is attached to HTTP requests as the Sec-GPC request header, with a value of "1" if enabled.
- Support: Currently supported by browsers and extensions like Firefox, Brave, and DuckDuckGo, users need to download and install these tools to activate GPC. While initially developed for web browsers, GPC can also be transferred to other environments, such as mobile devices and IoT platforms.
As regards other US privacy laws, GPC has already been recognized as a valid and legally binding opt out in California, and per the application it is also “likely to comply with the requirements of all other US jurisdictions that currently provide for universal opt-out mechanisms” which would include the US state privacy laws mentioned earlier:
- California Consumer Privacy Act effective now;
- Colorado Privacy Act effective now;
- Texas Data Protection Act becomes effective on 07/01/2024;
- Connecticut Data Privacy Act effective now;
- Delaware Privacy Act becomes effective on 01/01/2025;
- Montana Consumer Data Privacy Act becomes effective on 10/01/2025;
- Oregon Consumer Privacy Act becomes effective on 01/01/2026.
Understand opt-in/opt-out consent under laws like Colorado's CPA and its operational impact.
What does your business need to do to comply?
- Recognize Opt-Out Signals: You should update your systems to detect and honor universal opt-out signals from consumers. These signals will typically come from browser settings or other user-enabled tools. Clym’s compliance tool can help solve this for you so you can avoid the headache.
- Update Privacy Policies: Clearly inform consumers about the new opt-out mechanism in your privacy policy. Make sure the information is easy to understand and accessible.
- Implement Technological Measures: Ensure your technology can process opt-out requests automatically. This might involve updates to your website, apps, and data management systems.
- Train Your Team: Educate your staff about the new requirements and how to handle opt-out signals properly. This includes customer service teams who may receive questions from consumers.
- Coordinate with Third Parties: Make sure any third-party vendors or partners you work with are also compliant with the new rules. This could involve updating contracts or agreements to include these new obligations.
What are the benefits of compliance with Colorado’s Universal Opt-Out Mechanism requirement?
- Consumer Trust: Showing that you respect consumer privacy can build stronger relationships and brand loyalty.
- Simplified Operations: Automating the opt-out process can streamline your data management practices.
- Avoid Penalties: Staying compliant helps you avoid potential fines and legal issues.
What are some challenges and their solutions?
- Technical Integration: Implementing new technology might be challenging. Consider working with privacy experts or consultants to get it right. Clym can help you with your business’ compliance needs so you won’t have to go through the hassle of figuring it out alone.
- Communication: Make sure your consumers understand the changes. Clear, simple communication will help avoid confusion and build trust.
The universal opt-out mechanism is a significant change in data privacy regulation. If your business hasn't started preparing for Colorado's universal opt-out mechanism, now is the time to act.
See Clym in action today!
How can Clym help?
Clym helps to keep your website compliant with the CPA, as well as the GDPR, or CCPA along 50+ other global regulations. Clym offers the following:
- All-in-one platform: One interface combining Privacy and Accessibility compliance with global regulations, at an affordable price;
- Seamless integration into your website;
- Adaptability to your users’ location and applicable regulation;
- Customizable branding;
- Ready Compliance: Covering 30+ data privacy regulations;
- Six preconfigured accessibility profiles, as well as 25+ display adjustments that allow visitors to customise their individual experience.
You can convince yourself and see Clym in action by booking a demo or reaching out to us to discuss your specific needs today.
Alex is a Content Developer at Clym, where he researches and writes about everything related to data privacy and web accessibility compliance for businesses, helping them stay informed on their compliance needs and spreading awareness about making the web safer and more inclusive. When he’s not writing about compliance, Alex has his nose in a book or is hiking in the great outdoors.
Learn More →
FAQs for Colorado Businesses on the Universal Opt-Out Mechanism (UOOM)
What is a Universal Opt-Out Mechanism?
A Universal Opt-Out Mechanism (UOOM) lets consumers opt-out of data processing activities like targeted advertising with a single setting or tool.
What is Global Privacy Control (GPC)?
GPC is a browser-level signal that notifies businesses of users' preferences to not have their data sold or used for behavioral advertising.
What are the benefits of compliance with Colorado’s Universal Opt-Out Mechanism requirement?
Compliance with Colorado’s Universal Opt-Out Mechanism requirement builds consumer trust, simplifies data management, and helps avoid penalties.
What should I do if my business hasn't started preparing for Colorado's universal opt-out mechanism?
You should begin updating systems, privacy policies, and staff training immediately to comply with UOOM requirements and maintain consumer trust. Also, you should consider implement a compliance tool such as that of Clym to facilitate compliance.
How can Clym help?
Clym offers an all-in-one platform for privacy and accessibility compliance, seamless integration, adaptable features, customizable branding, and ready compliance with 50+ data privacy regulations. Whenever a consumer from Colorado or California, or any other US state or country that mandates Universal Opt-Out Mechanisms (UOOMs) accesses your website and has their browser setup to send a GCP signal, Clym’s tool listens for this signal and where it detects it, it automatically opts-out the consumer.