What are consumer rights under the CPA?

Under the Colorado Privacy Act, consumers have five specific rights: Right to access: any personal data that a company has collected about them Right to opt out: of data processing for targeted advertising, sale or profiling using their personal data Right to correction: any personal data that has been collected about them and is incorrect or outdated Right to deletion: any personal data that has been collected about them Right to data portability: to receive the personal data a company has about them in a readily portable format that can be transferred to another entity

Colorado Privacy Act: CPA Compliance

The Usercentrics Consent Management Platform (CMP) helps you to build user trust, grow revenue, and meet CPA compliance requirements.

Start free Contact Sales

What is the CPA?

The Colorado Privacy Act (CPA) was the third modern and comprehensive data privacy law passed in the U.S. after Virginia’s. It came into effect in 2023. It gives Colorado residents greater control over their personal data and requires businesses to be transparent about data collection and use. It also gives individuals rights, including access, deletion, and opt-out from targeted advertising, sale or profiling using their personal data.

Common CPA questions and answers

COMPLIANCE

How to comply with the Colorado data privacy law

To comply with the CPA, businesses must provide clear, up-to-date privacy notices, disclose data collection and sharing practices, and enable Colorado residents’ right to opt out of data sales and other covered uses. They must also obtain parental consent before collecting or processing minors’ personal data.

RISKS

What are the consequences of CPA noncompliance?

Fines and other penalties are not explicitly specified under the CPA. They are governed by the Colorado Consumer Protection Act, and range from $2,000–20,000 per violation to $10,000–50,000 per violation, if against an elderly person.

The CPA no longer has a cure period. Other 2025 updates included changes to companies’ compliance requirements, including for employers and restrictions regarding minors.

Benefits of a consent management platform

Manage user consent correctly

Achieve and maintain compliance with state, federal, and international privacy laws and frameworks, like California’s CCPA, the EU’s GDPR, and the TCF v2.2.

Seamless integration

Easily integrate Usercentrics CMP with your website, app, or other platforms. Supports popular CMS and other third-party services to help drive your Privacy-Led Marketing.

Build user trust

Be transparent with users about how you use data and give them control. It’s not just a legal requirement. It’s a competitive differentiator that grows engagement and long-term customer relationships.

Increase opt-in rates

Targeted features like A/B Testing and Contextual Consent enable you to improve user experience quickly. Use data insights to optimize consent rates and capture more high-quality data.

“Usercentrics was the best platform that supported all regulations, had Cross-device Consent Sharing, and it allowed us to add as many domains as needed.”

Erinn Springer

— Digital Product Manager, ONE

Contact our expert team

We’re happy to answer questions about data privacy, compliant marketing operations, and the CPA. Usercentrics’ Consent Management Platform helps you build trust and avoid penalties. Learn more today.

Interested in how privacy compliance benefits user experience and your marketing strategies?
Not sure if your business is privacy-compliant in Colorado?
Need clarity on what your company’s compliance responsibilities are?
Looking to partner with us?

Contact sales

Contact chat bubble at the bottom right corner of a chat illustration

Learn more

Checklist

Jul 22, 2024

Colorado Privacy Act (CPA) Checklist

Our CPA compliance checklist will help you achieve and maintain privacy compliance. Build user trust and achieve high opt-in rates.

Article

Oct 19, 2021

Colorado Privacy Act – an overview

The Colorado Privacy Act is the third state-level privacy law passed in the US. It reflects consistency with other states’ laws and evolving legal thought.

Article

Feb 7, 2025

US data privacy laws by state: rights and requirements

In 2025 more US state privacy laws will come into effect than in any previous year, though federal legislation remains stalled. We compare what US state-level data privacy laws mean for consumers and businesses.

Frequently asked questions

Under the Colorado Privacy Act, consumers have five specific rights:

Right to access: any personal data that a company has collected about them
Right to opt out: of data processing for targeted advertising, sale or profiling using their personal data
Right to correction: any personal data that has been collected about them and is incorrect or outdated
Right to deletion: any personal data that has been collected about them
Right to data portability: to receive the personal data a company has about them in a readily portable format that can be transferred to another entity

The Colorado Attorney General enforces the CPA, and provides for a 60-day cure period. Penalties for CPA violations fall under deceptive trade practices, governed by the Colorado Consumer Protection Act. Fines can be from USD 2,000 to USD 20,000 per violation, or between USD 10,000 to USD 50,000 per violation against an elderly person.

CPA compliance software enables businesses to meet the requirements of the Colorado privacy law, like providing consumers with information about data processing and exercising their rights, and obtaining consent where required.

A consent management platform (CMP) is a type of CPA compliance software that enables companies to achieve and maintain CPA privacy compliance for websites and apps. A CMP’s banners present users with information about what cookies and other trackers are in use that collect personal information. They enable users to make informed and granular consent choices. They also securely store and document consent information over time, which users can update.