Your Face, Your Car, Your Privacy: What Colorado's New Police Surveillance Bill Means for You

The Bottom Line

If you've ever wondered how long the police keep footage of your car running a red light or your face at a public protest, this bill aims to create strict new rules. It puts expiration dates on police surveillance data, requires a warrant for facial recognition, and lets you request your own data from local departments for free.

What This Bill Actually Does

The Surveillance Accountability and Freedom Ensured (SAFE) Act sets statewide boundaries on how law enforcement agencies—from local sheriffs to Colorado Parks and Wildlife—can use modern surveillance tools. We are talking about automated license plate readers (ALPRs), speed cameras, drones, and facial recognition software. The primary goal is to balance public safety with digital privacy by ensuring these tools are only used for targeted, lawful purposes rather than unchecked, long-term mass data collection.

The core of the legislation establishes a strict ticking clock on data storage. Unless footage or data is part of an active investigation, police can't hold onto it forever. Data from traffic cameras and license plate readers must be permanently and securely destroyed after 30 days. Drone and pole-mounted camera footage expires in 90 days, and facial recognition data must be wiped after just seven days. Furthermore, officers can't just use facial recognition on a whim; the bill requires them to secure a judge's warrant first, unless there is an imminent threat to public safety.

Finally, the bill adds heavy transparency and enforcement mechanisms to keep agencies accountable. Before a police department can buy or upgrade this kind of technology, they have to host a public privacy impact assessment to get community input and secure formal approval from their local city council or county commissioners. If an agency breaks these rules, the bill gives the Attorney General and affected citizens the right to sue for up to $5,000 per violation, and any illegally gathered data gets thrown out of court.

What It Means for You

For the average Coloradan going about their day, this legislation fundamentally changes your right to digital privacy in public spaces. Right now, when you drive past a license plate reader on the highway or walk near a police pole camera downtown, that data can often sit on a local government server for months or years, even if you’ve done nothing wrong. The SAFE Act ensures your daily footprint is routinely erased. You are effectively guaranteed that casual, day-to-day footage of your morning commute isn't being stockpiled indefinitely.

One of the most powerful tools in this legislation is the direct power it gives you as a resident to verify your privacy. The bill requires law enforcement to provide you with free access to information about their surveillance tech. If you submit a request via email or mail, the agency has ten business days to confirm they’ve destroyed your personal identifying information or show you anonymized logs of who accessed it and why. It is essentially a 'right to know' for local policing, ensuring you aren't stuck paying hefty public records fees just to find out if you're in a municipal database.

If you ever end up on the wrong side of the law, this bill also shifts the legal landscape. Because the legislation states that any data collected in violation of these rules is inadmissible as evidence, defense attorneys will undoubtedly scrutinize whether a police department’s data retention policies were perfectly compliant. If an agency kept a traffic camera photo for 32 days instead of the mandated 30, that evidence could potentially get tossed out of a criminal or civil trial.

What It Means for Your Business

If your business operates in the government contracting, cybersecurity, or IT services sectors, this bill represents a massive shift in how you will design and sell products to Colorado law enforcement. Agencies and their contractors are completely banned from monetizing, licensing, or selling surveillance data. This means third-party vendors who rely on data-sharing partnerships will need to overhaul their business models. Furthermore, the bill mandates that all surveillance data must be encrypted and secured to strict industry standards, opening lucrative doors for local tech firms that specialize in secure data destruction, encryption, and compliant cloud storage.

For businesses supplying physical hardware—like drones, speed cameras, or facial recognition systems—the public procurement pipeline is about to get much longer. The requirement for a public privacy impact assessment and local government approval means sales cycles will drag out. You will need to help your law enforcement clients justify the technology to the public and prove that your systems have built-in, automated deletion tools that can comply with the 7-day, 30-day, and 90-day retention limits. If your software cannot automatically scrub data when the clock runs out, it won't be a viable option in Colorado.

Outside of the tech and contracting worlds, general business owners should note how this impacts local enforcement and commercial data. If you run a logistics company, a fleet of delivery vehicles, or even a local retail shop, the data collected on your vehicles and storefronts by public cameras will be subject to these exact same deletion rules. It also means businesses cannot purchase municipal surveillance data for commercial use, like traffic flow analysis or location-based marketing, closing off what has historically been a secondary revenue stream for some municipalities.

Follow the Money

Privacy doesn't come cheap. According to the state's fiscal note, implementing the SAFE Act would cost Colorado roughly $3 million annually, requiring the state to hire 24 new full-time employees. The Department of Law would need the lion's share of that funding to hire a team of 18 auditors just to investigate and enforce compliance across Colorado's 332 distinct law enforcement agencies every two years. Other agencies, like Colorado Parks and Wildlife, would need additional funds to upgrade the data storage capabilities for their trail cameras and drones.

On the local level, this could become a massive budgetary headache for municipal police departments and county sheriffs. Because the bill establishes stringent encryption, auditing, and auto-deletion requirements, many local departments would be forced to spend heavily on IT infrastructure upgrades and administrative staff to handle the new 10-day turnaround for public records requests. Since the state isn't providing extra funding to local governments to cover these upgrades, those costs would inevitably fall on local city and county budgets—and by extension, local taxpayers.

Where This Bill Stands

SB26-071 is currently Dead. The latest official action came on 05/06/2026: Senate Committee on Judiciary Postpone Indefinitely.

That means the bill is no longer advancing this session. In practice, measures that are postponed indefinitely or otherwise declared lost generally stay dead unless they are reintroduced in a future session.