Ban Government Purchase of Personal Data from Third Party

What This Bill Actually Does

The core problem this bill tackles is what legal nerds call the "third-party doctrine." Traditionally, under the Fourth Amendment, law enforcement needs a warrant to search your property or your digital life. But as technology evolved, a massive loophole opened up: data brokers. Your favorite weather apps, navigation tools, and social media platforms constantly collect your exact GPS location, search history, and app usage. They then aggregate and sell this footprint. Currently, government agencies can just open their wallets and buy this data subscription, entirely bypassing the Fourth Amendment warrant requirement because you technically "volunteered" the data to a third party.

Enter HB26-1037, officially dubbed the "Fourth Amendment is Not for Sale Act." This bill makes it strictly illegal for state and local government agencies—especially law enforcement—to obtain your personal data from a third party in exchange for "anything of value." And they cast a wide net here. It covers money, of course, but also access fees, licensing fees, and service trades. The bill explicitly lists 16 categories of protected data, including your web browsing history, biometric data, precise geolocation, financial info, health records, and even algorithms' inferences about your habits. Furthermore, agencies are banned from sharing this brokered data with each other, preventing a scenario where one agency buys the data and launders it to another department.

The bill isn't a total blackout on data access; it just restores the traditional rules of engagement. Police can still get your data if they secure a valid judicial warrant, subpoena, or court order. There are also common-sense exceptions built in: life-or-death emergencies, active investigations by the National Center for Missing and Exploited Children, data already widely published in the media, or situations where you explicitly consent to hand over your data. If an agency breaks these rules, the bill packs a serious punch: the illegally purchased data is legally excluded from being used in trial, and citizens are granted a private cause of action to sue the government for violating their privacy.

What It Means for You

If you carry a smartphone in Colorado, you are generating thousands of data points a day. You might assume your digital privacy is protected by the Constitution, but right now, your digital trail is essentially treated as a public commodity for government surveillance—available to any state agency willing to pay a data broker. This bill ensures that your digital life can't be put on a government clearance rack without a judge actively agreeing there is probable cause to look at it.

The most immediate impact on your daily life is a massive upgrade to your civil rights. The Colorado Supreme Court has already signaled that our state constitution offers stronger privacy protections than the federal government, and this bill codifies that sentiment into hard law. If this passes, you gain a concrete legal remedy. If a government entity buys your data to bypass a warrant, you can take them to civil court, seek an injunction, and even recover your attorney fees. Furthermore, if you are ever involved in a legal proceeding, this bill guarantees that purchased data cannot be used against you in court. It is a direct response to a digital age where our personal information is constantly harvested without our meaningful consent.

Here is what you should do while the legislature debates this:

• Audit your app permissions: Don't wait for the government to protect your data. Go into your phone settings today and turn off "precise location" sharing for apps that don't absolutely need it to function.
• Contact the Judiciary Committee: This bill is currently sitting in the House Judiciary Committee. If you feel strongly about your digital privacy—or conversely, if you worry this will stop police from solving crimes—email the committee members before their first hearing to voice your perspective.

What It Means for Your Business

For most brick-and-mortar businesses—restaurants, general contractors, real estate developers—this bill will not change your day-to-day operations or compliance paperwork at all. However, if your company operates in the data brokerage, ad-tech, software-as-a-service (SaaS), or app development space, this represents a major market shift. If you currently generate revenue by selling aggregated or anonymized consumer data sets to government entities, that revenue stream in Colorado is about to be completely severed.

There is also a massive compliance angle here for government contractors and software vendors. The bill prohibits data exchanges for "anything of value," which explicitly includes access fees, service fees, maintenance fees, and licensing fees. If you provide a software platform to law enforcement that includes bundled access to third-party consumer data—even as a secondary feature—your contracts will need immediate restructuring. Because the bill includes a Safety Clause, it will take effect the exact moment the governor signs it. There is no six-month grace period for transitioning existing municipal contracts; the door slams shut immediately.

Here are the specific action items business owners in the tech and data space should take this week:

• Audit your government contracts: If you supply software, marketing data, or analytics services to state or local agencies, review your deliverables to ensure you aren't passing through restricted third-party data.
• Consult your legal counsel: If your business model involves data monetization, ask your lawyer to review the bill's exceptionally broad definition of "personal data" (which includes IP addresses and device identifiers) against your current client list.
• Review data sourcing: Ensure you understand exactly where the data in your software products originates. The definition of a "Third Party" in this bill is anyone who isn't the government and isn't the specific person the data belongs to.

Follow the Money

The official fiscal note for HB26-1037 has not been published yet, but we can already anticipate a few distinct financial ripples for the state. First, state and local law enforcement agencies will likely see a shift in their investigatory budgets. Without the ability to simply purchase bulk data subscriptions from commercial vendors (like specific location-tracking services or facial recognition databases), agencies may need to redirect funds toward traditional, labor-intensive investigative work and the administrative costs of processing more judicial warrants.

On the liability side, local governments and state agencies will need to tread very carefully to avoid fresh legal costs. Because the bill creates a private cause of action and allows plaintiffs to recover reasonable attorney fees, a single rogue data purchase by a police department or state agency could result in costly civil litigation. Taxpayers ultimately foot the bill for municipal legal settlements, making rapid compliance training for law enforcement a fast-approaching financial necessity if this bill becomes law.

Where This Bill Stands

HB26-1037 was introduced in the House on January 14, 2026, and has been assigned to the House Judiciary Committee. It is currently at the very beginning of its legislative journey, but it is one of the most fascinating bills of the session due to its sponsors. Representative Jennifer Bacon and Senator Lisa Cutter are bringing the progressive civil rights perspective, while Representative Ken DeGraaf brings a strong conservative, limited-government angle.

This "horseshoe politics" coalition—where the two ends of the political spectrum unite against government overreach—gives the bill incredibly strong momentum right out of the gate. However, expect heavy, organized pushback from law enforcement lobbying groups and data broker associations, who will argue this hinders police efficiency and public safety. The next big hurdle is its first committee hearing. Keep an eye on the calendar for late January to see if the sponsors amend the bill to appease police unions, or if they hold the line on these strict privacy protections.