On Tuesday, Connecticut became the fifth state to pass comprehensive privacy legislation when Governor Ned Lamont signed “An Act Concerning Personal Data Privacy and Online Monitoring” into law. Connecticut joins California, Virginia, Colorado, and Utah in enacting new privacy laws that take effect in 2023. Out of fifty states in the U.S., ten percent have now passed a comprehensive privacy law.
Effective July 1, 2023, the Connecticut law adopts a general framework of definitions, consumer rights, and compliance obligations based on concepts of data controller and data processor from the EU’s General Data Protection Regulation (GDPR), and the right to opt out of the “sale” of personal data as first articulated in the California Consumer Privacy Act (CCPA). Overall, the Connecticut law mirrors Colorado’s privacy law but then borrows select concepts from the California, Virginia, and Utah laws. The result is a hybrid of the pre-existing state laws, but not a law that introduces significant contradictions or unique compliance challenges.
Continue Reading Ten Percent and Rising: Connecticut Becomes Fifth U.S. State to Enact Privacy Law