Overview
The Fourth Amendment is Not for Sale Act establishes comprehensive restrictions on law enforcement's ability to purchase or otherwise obtain personal data from third-party commercial sources without proper legal authorization. The legislation responds to growing concerns about the commodification of personal information and law enforcement's circumvention of traditional Fourth Amendment protections by purchasing data that would otherwise require a warrant to obtain. By prohibiting bulk data purchases and establishing strict evidentiary consequences for violations, the Act aims to restore constitutional privacy protections in the digital age and prevent law enforcement from using commercial data brokers as a backdoor to warrantless surveillance. The bill creates a framework that balances legitimate law enforcement needs with individual privacy rights through carefully crafted exceptions for emergency situations, publicly available information, and specific investigative contexts such as missing children cases.
Core Provisions
The Act establishes a categorical prohibition on law enforcement entities obtaining or receiving access to personal data from third parties in exchange for anything of value, as codified in Section 3(2)(a). This prohibition extends beyond direct purchases to encompass any exchange involving valuable consideration. The legislation further restricts law enforcement's ability to share personal data with federal, state, or local agencies or third parties when that data was directly or indirectly collected by the law enforcement agency itself, preventing circumvention through data-sharing arrangements. The Act defines personal data broadly as information collected from or generated by a specific person through consumer transactions or use of consumer products and services, ensuring comprehensive coverage of modern data collection practices. Seven specific exceptions permit data acquisition under limited circumstances: valid judicial warrants, subpoenas, or court orders; emergency situations involving risk of death or serious bodily injury; information lawfully available through government records or widely distributed media; voluntarily publicized personal data pertaining to specific individuals obtained in compliance with applicable laws; and data provided to or by the National Center for Missing and Exploited Children related to missing or exploited child investigations. The most significant enforcement mechanism appears in Section 3(4)(b), which renders personal data acquired in violation of the Act inadmissible at any trial, hearing, or other proceeding, along with any evidence derived from such unlawfully obtained information, creating a powerful exclusionary rule.
Key Points
- Categorical prohibition on purchasing personal data from third parties in exchange for anything of value
- Restriction on sharing personal data collected by law enforcement with other agencies or third parties
- Broad definition of personal data covering consumer transactions and product/service usage
- Seven enumerated exceptions including warrants, emergencies, public records, and missing children investigations
- Exclusionary rule rendering unlawfully obtained data and derivative evidence inadmissible in legal proceedings
Legal References
- Colorado Revised Statutes § 16-3-303.3
- Colorado Revised Statutes § 16-3-303.5
- Colorado Revised Statutes § 6-1-1303
- Colorado Rules of Criminal Procedure
Implementation
Law enforcement entities throughout Colorado bear primary responsibility for implementing the Act's requirements, with compliance obligations extending to all state and local agencies engaged in law enforcement activities. The legislation does not specify dedicated funding sources or appropriations for implementation, suggesting that compliance costs must be absorbed within existing law enforcement budgets. No formal reporting requirements are established, placing the burden of compliance monitoring on existing oversight mechanisms and judicial review processes. The enforcement mechanism operates primarily through the exclusionary rule, which creates strong incentives for compliance by rendering evidence inadmissible when obtained in violation of the Act. This approach relies on prosecutors, defense attorneys, and judges to identify violations during criminal proceedings rather than establishing a proactive administrative enforcement regime. The absence of specified implementation timelines suggests the Act takes effect according to standard legislative procedures, requiring immediate compliance upon enactment without a transition period for law enforcement agencies to adjust their data acquisition practices.
Impact
The Act's primary beneficiaries are Colorado residents whose personal data is currently available for purchase by law enforcement through commercial data brokers, effectively extending Fourth Amendment protections to the commercial data marketplace. The legislation creates a significant shift in law enforcement investigative practices by requiring agencies to obtain judicial authorization for data that was previously available through simple commercial transactions. While specific cost estimates are not provided, law enforcement agencies will likely face increased administrative burdens associated with preparing warrant applications and navigating judicial processes for data acquisition that was previously obtained through direct purchase. The exclusionary rule creates substantial consequences for criminal prosecutions, potentially resulting in suppression of evidence in cases where personal data was improperly obtained. The Act contains no sunset provisions, establishing permanent restrictions on law enforcement data acquisition practices. Expected outcomes include enhanced privacy protections for Colorado residents, increased judicial oversight of law enforcement data collection, and potential limitations on certain investigative techniques that relied on commercially available personal data. The legislation may also influence the commercial data broker industry's operations within Colorado, as law enforcement represents a significant customer base for such services.
Legal Framework
The Act derives its constitutional foundation from the Fourth Amendment's protection against unreasonable searches and seizures, explicitly invoking recent Supreme Court precedent recognizing privacy interests in digital information. The legislation builds upon the principles established in Carpenter v. United States, which held that individuals maintain a reasonable expectation of privacy in certain types of digital data even when held by third parties, rejecting the traditional third-party doctrine in the digital context. The Act integrates with Colorado's existing statutory framework governing search warrants and location information, as referenced in Sections 16-3-303.3 and 16-3-303.5, creating a comprehensive regime for law enforcement data acquisition. The legislation's exclusionary rule aligns with Colorado Rules of Criminal Procedure and state constitutional protections, as interpreted in People v. Seymour. The Act does not explicitly address preemption of local ordinances, suggesting that municipalities may adopt additional protections but cannot authorize practices prohibited by state law. Judicial review provisions operate through the standard criminal procedure framework, with defendants able to challenge evidence admissibility through suppression motions and appellate review. The Act's interaction with federal law enforcement agencies operating in Colorado remains ambiguous, as the prohibition applies to state and local law enforcement entities but may not bind federal agencies absent congressional action.
Legal References
Critical Issues
The Act faces potential constitutional challenges regarding its scope and application, particularly concerning the definition of personal data and whether certain categories of information fall within or outside Fourth Amendment protections. The broad prohibition on data sharing in Section 3(2)(c) may create tensions with federal-state law enforcement cooperation, particularly in joint task forces and multi-jurisdictional investigations. Implementation challenges include determining what constitutes an "exchange for anything of value," which could encompass various arrangements beyond direct monetary transactions, and defining the boundaries of the exception for information "lawfully available to the public through government records or widely distributed media." The emergency exception for situations involving risk of death or serious bodily injury lacks specific procedural safeguards or post-hoc review requirements, potentially creating opportunities for abuse. The Act's exclusionary rule may result in suppression of evidence in serious criminal cases where technical violations occurred, raising public safety concerns and potential political opposition from law enforcement organizations. The legislation does not address how law enforcement should handle personal data already acquired before the Act's effective date, creating uncertainty about retroactive application. The absence of funding provisions means law enforcement agencies must absorb increased costs associated with obtaining judicial authorization for data previously acquired through commercial purchases, potentially straining limited resources. Opposition arguments likely focus on hampering legitimate investigations, creating administrative burdens, and potentially allowing dangerous criminals to escape prosecution due to technical evidentiary violations. The Act's interaction with federal law enforcement agencies and data-sharing agreements remains unclear, potentially creating enforcement gaps where federal agencies continue purchasing data that state and local agencies cannot access.
Key Points
- Potential constitutional challenges regarding scope and definition of protected personal data
- Tensions with federal-state law enforcement cooperation and joint investigations
- Ambiguity in defining "exchange for anything of value" and public availability exceptions
- Lack of procedural safeguards for emergency exception creating potential for abuse
- Risk of evidence suppression in serious criminal cases due to technical violations
- Uncertainty regarding retroactive application to previously acquired data
- Resource constraints from increased warrant application requirements without dedicated funding
- Enforcement gaps where federal agencies may continue practices prohibited for state and local law enforcement
From the Legislature
Concerning prohibiting a government entity from obtaining certain personal data from a third party for use by a government entity in exchange for anything of value.
Sponsors
Calendar
Feb 25
1:30 PM