On December 5, 2024, the Colorado Department of Law adopted amended rules to the Colorado Privacy Act (CPA).
The DOL had released the first set of the proposed amended rules—which relate to the interpretative guidance and opinion letter process, biometric identifier consent, and additional requirements for the personal data of minors—on September 13, 2024. The Attorney General discussed the proposed rules at the 2024 Annual Colorado Privacy Summit, sought and received comments from the public, and revised the rules. The adopted rules will now be sent to the Attorney General, who will issue a formal opinion. After that formal opinion is issued, the rules will be filed with the Secretary of State, and they will become effective 30 days after they are published in the state register.