Consumer Electronics Daily was a Warren News publication.

Colo. Privacy Bill Clears Legislature

Colorado could soon become the third state with a comprehensive privacy law. Senators voted 34-0 Tuesday to concur with House amendments to SB-190. The House passed the bill 57-7 Monday. The Senate kept House changes including language clarifying that nothing in the law provides for a private right of action. The bill goes next to Gov. Jared Polis (D), whose office didn’t comment now. Polis is widely expected to sign, particularly given the wide voting margins in the House and Senate, said Ballard Spahr privacy attorney Greg Szewczyk in an interview. SB-190 follows Virginia’s model with much of the same terminology and big-picture requirements, so having Colorado as the third state law probably won’t significantly complicate U.S. privacy rules, he said. Unlike Virginia, but as in California, Colorado’s attorney general would have to make rules implementing the bill, he said: “As to how difficult compliance is going to be, that may have a significant impact.” One big difference with Virginia is that Colorado would allow enforcement by district attorneys in addition to the AG, Szewczyk noted. Colorado’s law is “a mixed bag” that lawmakers should seek to strengthen in future years, Common Sense Media Director-State Advocacy Joseph Jerome told us: “I don’t think it’s anybody’s dream privacy law, but ... it’s certainly a marked improvement over what was able to pass out of Virginia earlier this year.” DAs joining enforcement could be useful, he said. SB-190 has good parts, including requiring companies to honor browser privacy signals as an opt-out, but “the bill needs to be stronger to fully protect consumers, including by tightening up potential loopholes for targeted advertising, and clarifying that consumers can’t be charged for exercising their privacy rights,” emailed Consumer Reports Senior Policy Analyst Maureen Mahoney. Computer and Communications Industry Association Privacy Counsel Keir Lamont said “the prospect of an increasingly divergent set of state-level compliance obligations further underscores the need for federal action to establish baseline privacy rules.”