Colorado Posts Public Comments to CPA Draft Rules

Julie Rubash, Chief Privacy Counsel
November 14, 2022

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.


Colorado Posts Public Comments to CPA Draft Rules

Comments submitted by various organizations in response to the proposed draft rules under the Colorado Privacy Act have been made publicly available on the Colorado Attorney General website.

Among other commentators, the Network Advertising Initiative submitted recommendations regarding Universal Opt-Out Mechanisms and Consent, including a recommendation that Controllers have the opportunity to reconcile conflicts between Universal Opt-out Mechanism (UOOM) Signals and local preferences selected by the user directly with the Controller—a capability permitted under the latest version of the California draft regulations.

Conversely, comments from Consumer Reports argue that opt-out rights should never be overridden by a consumer’s subsequent election to opt in to a product or service, such as a loyalty program, emphasizing that selling data or engaging in cross-site targeted advertising is unnecessary to operate a loyalty program. 

Several organizations also commented on rules allowing for UOOMs in non-signal formats, such as lists. Future of Privacy Forum, for example, pointed out the complexity of authenticating individuals in a list across different technologies.


The first of three stakeholder meetings was held November 10, with two additional meetings scheduled for November 15 and November 17, which will give organizations further opportunity for public comment. A hearing on the proposed rules will then be held February 1.   


Irish DPC Submits Draft Decision in Case Against Yahoo!

The Data Protection Commission (DPC) in Ireland announced that it has submitted to other concerned supervisory authorities in the EU a draft decision regarding Yahoo!’s compliance with transparency requirements under GDPR. Concerned supervisory authorities will have until November 24 to object to the decision before it can be finalized. Details of the decision have not been made public.


The DPC inquiry into Yahoo!’s practices under GDPR has been a multi-year process, beginning in 2019. At the time, the Irish Data Protection Commissioner told reporters that her office had received over 38 complaints redirected from other EU data protection authorities, some of which related to giving no option other than to click okay in cookie banners. Over the past two months, the Irish DPC has also submitted draft decisions regarding inquiries into TikTok and Meta. 

The Danish Data Protection Authority released a decision criticizing the JP/Politiken website based on findings by its inspectorate that the consent solution on the site was not sufficiently informed to comply with the DPA’s rules. Specifically, the first layer of the consent solution gave users three options: Necessary Only, Customize Settings, and Accept All, with information about all processing purposes only available in the second layer after a user clicked “Customize Settings”. The supervisory authority found that this solution did not give informed consent as visitors who clicked “Accept All” did not receive information about all processing purposes. 


The inquiry was conducted in accordance with the Danish Data Protection Authority’s special focus on “processing of personal data about website visitors (cookies)” announced in 2021, among other areas of focus.  

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

Revised Version of APRA Advances Out of U.S. House Subcommittee

May 28, 2024

New Version of the American Privacy Rights Act of...

Exciting New Diagnose Features: New Filters and More Vendor Details

May 21, 2024

New features to help you with your vendor governance,...

Minnesota Sends Comprehensive Privacy Law to Governor

May 20, 2024

Minnesota Sends Privacy Law to Governor. One day before the...

Latest White Papers

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Ebook: A Publisher’s Guide to Vendor List Curation

December 16, 2021

How to review your vendor list to mitigate compliance...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]