The last two years have seen exponential growth in state privacy laws. In 2020, voters in California approved sweeping changes to the State’s landmark privacy law when they enacted the California Privacy Rights Act (“CPRA”). Virginia and Colorado followed suit in 2021, and Utah joined them in early 2022. Now, the Connecticut Senate has unanimously passed its own privacy bill, sending it to the Connecticut House floor for potential final legislative approval. If passed, the Connecticut privacy law would become the fifth major state privacy law that businesses need to comply with.
What would the Connecticut privacy law require?
The proposed Connecticut privacy law follows Colorado’s example in many ways. Some notable provisions include: data subject rights and limits on targeted advertising. The Connecticut law would apply to businesses that either: (1) process the personal data of at least 100,000 Connecticut State consumers per year; or (2) process the personal data of at least 25,000 Connecticut State consumers per year and make at least 25% in gross revenue from the sale of consumer personal data.
Data Subject Rights. Like other privacy laws that preceded it, the proposed Connecticut law includes a set of consumer privacy rights that would cover Connecticut residents. These rights would include:
- Right to Access: the right to access a copy of their personal data in a covered company’s possession.
- Right to Amend: the right to amend or correct any consumer personal information in a covered company’s possession.
- Right to Deletion: the right to request that a covered company delete all consumer personal data in its possession.
- Right to Opt-Out: the right to opt out of the processing of personal data for:
- Targeted Advertising
- Profiling in furtherance of automated decision making that produces legal or other significant effects on consumers.
These rights mirror those found in the Colorado Privacy Act and the CPRA.
Targeted Advertisers. Unlike the privacy laws of Virginia and Utah, the proposed Connecticut law includes a right to opt-out of targeted advertising (sometimes called “behavioral advertising”). Targeted advertising is often based on a consumer’s Internet browsing history and habits. Businesses use different techniques to evaluate consumers for targeted advertising, including using Internet browsing cookies. In an effort to limit such tracking, Google has begun to phase out the use of tracking cookies altogether. The proposed Connecticut privacy law would give consumers the right to stop companies from using tracking cookies and other methods to deliver targeted advertising to them.
Why does the proposed Connecticut privacy law matter to your business?
Connecticut is taking steps to give its residents more rights over their personal information. When a state jurisdiction grants consumers enhanced data privacy rights, affected businesses must update their practices to maintain compliance with the new regulations. Given that the law tracks so closely to that of Colorado, businesses should be able to streamline their existing compliance efforts if Connecticut passes this privacy legislation.
Bear in mind that the Connecticut House of Representatives still gets a say in whether the legislation becomes law and whether any changes get made to it along the way. For now, businesses should stay updated on the bill’s progress and be prepared to undertake compliance efforts if and when the bill becomes law. If passed, most of the measure would go into effect on July 1, 2023, with the remainder becoming effective on January 1, 2025.
Hire experienced privacy attorneys.
In the absence of an overarching federal privacy law, states are taking the initiative. With the passage or potential passage of any state privacy law, several questions arise, including: Is this law different from the privacy laws passed in other states? What disparities require additional compliance efforts? These questions can often have subtle and technical answers. New state privacy laws, like Connecticut’s, get introduced across the country very frequently. Staying on top of this always-changing landscape requires full-time attention.
Hiring experienced privacy attorneys will help your business stay compliant well ahead of when new privacy laws take effect. The attorneys at Klein Moynihan Turco have years of experience with developing and updating privacy policies and personal data collection practices to help keep businesses safe.
If you need assistance with updating your privacy policies and/or personal data collection practices, email us at email@example.com or call us at (212) 246-0900.
The material contained herein is provided for informational purposes only and is not legal advice nor is it a substitute for seeking legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.
Photo by Pixabay from Pexels
Similar Blog Posts:
UCPA Compliance: Using CCPA Compliance Efforts to Prepare for the Utah Consumer Privacy Act
Privacy Policies for Websites and Mobile Applications