Colo. Legislature Supports Adding Precise Geolocation to Privacy Law
The Colorado legislature agreed Monday to add precise geolocation data to the definition of sensitive data in the state's comprehensive privacy law. Lawmakers passed an immigration bill (SB-276) that would amend the Colorado Privacy Act (CPA) to do that and prohibit controllers from selling consumers’ sensitive data without opt-in consent.
Sign up for a free preview to unlock the rest of this article
The Senate voted 23-12 Monday to repass the bill after voting 35-0 to concur with House amendments. The House voted 42-21 Saturday to pass the bill. SB-976 still needs approval from Gov. Jared Polis (D) before it can become law.
When the Senate previously passed the bill on April 21, senators removed controversial language that would have amended the CPA to include a Maryland-style data minimization standard (see 2504210028).
Under the latest text of the bill, precise geolocation data means “information derived from technology that accurately identifies the present or past location of a device that links or is linkable to an individual within a radius of” 1,850 feet. It includes GPS coordinates within 1,850 feet or “any data derived from a device and that is used or intended to be used to locate a consumer within a geographic area within” that same radius, but not “the content of communications or any data generated by or connected to advanced utility meeting infrastructure systems or equipment for use by a utility.”