Colorado Privacy Act
SB 21-190
Regulatory Snapshot: Colorado Privacy Act
Colorado Privacy Act (SB 21-190) is an enacted law in Colorado under the Data Privacy category. It was enacted on 2021-07-07 and becomes effective on 2023-07-01. Colorado currently reports 8 tracked regulations with 8 already in force, giving the state a regulatory strictness score of 76/100 relative to the national baseline. PlainRegWatch last verified this entry on 2026-03-18.
Nationally, 21 states have enacted data privacy statutes and 0 additional bills remain pending — 21 distinct jurisdictions have codified rules in this area so far. That places Colorado within a mature and broadly adopted data privacy landscape where compliance programs typically hinge on definitions in SB 21-190 itself.
Applicability under Colorado Privacy Act: 100K+ consumers data, or 25K+ with data sale revenue. Penalty exposure is documented as: Up to $20,000/violation. AG enforcement only. Notable exemptions: State agencies, HIPAA, GLBA, nonprofits, higher ed, air carriers..
Summary
Comprehensive privacy law with universal opt-out mechanism requirement via browser/device settings.
Key Requirements
Consumer rights: access, correction, deletion, portability, opt-out. Must honor universal opt-out (GPC). Data protection assessments.
Penalties
Up to $20,000/violation. AG enforcement only.
Applicability
100K+ consumers data, or 25K+ with data sale revenue.
Exemptions
State agencies, HIPAA, GLBA, nonprofits, higher ed, air carriers.
Official Source
https://leg.colorado.gov/bills/sb21-190Frequently Asked Questions
Which states have data privacy regulations?
As of the last verification, 21 states have enacted data privacy regulations, with 0 additional bills pending across other states. Colorado is among the states that has enacted such legislation. Browse all data privacy regulations at plainregwatch.com for the complete state-by-state comparison.
When was Colorado Privacy Act enacted?
Colorado Privacy Act was enacted on 2021-07-07 and became effective on 2023-07-01. It was introduced as SB 21-190.
What are the penalties for violating Colorado Privacy Act?
Up to $20,000/violation. AG enforcement only. Note that enforcement mechanisms and penalty structures may vary. Consult the official statute and qualified legal counsel for specific compliance requirements.
Does Colorado Privacy Act apply to small businesses?
100K+ consumers data, or 25K+ with data sale revenue. Many state regulations include thresholds or exemptions for smaller organizations. Review the full applicability criteria and consult legal counsel to determine your obligations.
How does Colorado compare to other states on data privacy?
Colorado has a regulatory strictness score of 76/100, based on 8 enacted regulations out of 8 tracked. Nationally, 21 states have enacted data privacy laws. Visit our state comparison page for a full ranking.
Where can I read the full text of Colorado Privacy Act?
The official text of Colorado Privacy Act (SB 21-190) is available from the Colorado legislature. PlainRegWatch links to the official source for every tracked regulation. We recommend reviewing the full statute alongside qualified legal counsel for compliance planning.
Regulation Guides
Plain-language guides to help you understand the broader regulatory landscape.
Related Federal Data
Explore federal datasets connected to state regulation and enforcement.
PlainInfluence
Federal lobbying and influence data — see who shapes state regulation
PlainSpending
Federal spending data — track enforcement budgets behind regulations
PlainGovJobs
Government workforce data — agencies enforcing state and federal rules
PlainEnviro
EPA enforcement and environmental compliance across all 50 states
Explore Regulations
Disclaimer: This summary is provided for informational purposes only and does not constitute legal advice. Regulation details may have changed since last verification (2026-03-18). Always consult official sources and qualified legal counsel for compliance guidance.
Read our methodology — how this data is sourced, computed, and verified.
Related
| Publisher | Kiznis Studio |
| Sources | Public state legislatures, IAPP, NCSL, and federal regulatory trackers |