Data Laws Reach Connecticut

July 28, 2023

In the recent months, we have seen the rollout worldwide of data laws. Many of them focus on issues of privacy and data protection of individuals. As covered in our blog, the European Union has already made great strides to protect user data. In the United States, Connecticut is now the latest state to pass a data privacy law making it the fifth U.S. state to do so. Read on to find out what the Connecticut Data Privacy Act (CTDPA) consists of and how it will affect you.

The Main Goals of CTDPA

Before going into detail, some key terms are crucial to understanding the new law. Data controllers are mentioned frequently and refer to: “An individual who, or legal entity that, alone or jointly with others determines the purpose and means of processing personal data.” Data Processors, another common term, are “an individual who, or legal entity that processes personal data on behalf of a controller.” These two terms are essential for comprehension. 


CTDPA took effect July 1st, 2023. The overall purpose of the CTDPA is to give Connecticut citizens rights over the processing of their personal data.  The law protects the privacy of Connecticut residents when in the context of personal time, meaning acts committed in the context of employment are not protected.

The CTDPA lays out a clear and comprehensive explanation of its principles. Data minimization is one of the main goals of the law. Collection of personal data should be limited only to what is considered “adequate, relevant, and reasonably necessary” based on the context of the situation.


Another important concern of the law is Purpose Limitation. Personal data should not be processed for unnecessary or unsuitable reasons that do not align with the "disclosed purposes”. In essence, companies must not stray from their original reasons for collecting data without consent of the consumer. 


Lastly, the final major stressor of the CTDPA is Confidentiality and Integrity. Data controllers are not just expected, but required to protect users’ information. Specifically, they must have sufficient security protocols in place.  The level of protection must fit the size and seriousness of the data. The law adds that data has to be processed legally in accordance with federal and state law which forbid discrimination against individuals.

Who Does CTDPA Apply To?

CTDPA is applicable to businesses and individuals that operate in the state. Also it applies to companies that have products or services directed at Connecticut residents. Data processors that facilitate services involving personal data for businesses are also subject to the law. The Attorney General of Connecticut is the office in charge of enforcing the CTDPA. 

Data Controller and Processor Obligations and Penalties 

Data controllers and processors of data are responsible for maintaining requirements of CTDPA. One of the key responsibilities is to de-identify data. Data should not be identifiable to a person; the CTDPA is very strict on this point. Furthermore, data controllers must document a Data Protection Assessment. In this assessment, data controllers are examining data processes that create a heightened risk to consumers like targeted advertising. Children’s data is another point of contention for the CTDPA. Controllers are not permitted to process the data of known children without parental consent, meaning children cannot receive targeted advertising. 

The processing of sensitive data is not allowed either without consent. Sensitive data includes data revealing race, ethnicity, religious beliefs, sexual orientation, citizenship, immigration status, information regarding an individual's mental or physical health condition or diagnosis, the processing of genetic personal data or biometric data, personal data collected from a known child, or precise geolocation data.

Data Subject Rights

Many consumers and businesses might wonder what exactly are the rights of Connecticut residents. CTDPA specifically outlines seven main rights designated to consumers:

  1. Right to be Informed 
  2. Consumers have the right to know if a controller is processing their personal data. 
  3. Controllers are required to provide consumers with a privacy notice. 
  4. Right to Access 
  5.  Consumers have the right to confirm whether or not a controller is processing their data and accessing personal data.
  6. Right to Rectification
  7.  Consumers have the right to correct inaccuracies in their data.
  8. Right to erasure 
  9. Consumers have the right to delete personal data about themselves, regardless of whether it was provided or obtained. 
  10. Right to object/opt out
  11. Consumers have the right to opt out of the processing of personal data for the purpose of targeted advertising, sale of personal data, and profiling for automated decisions. 
  12. Right to data portability 
  13.  Consumers have the right to obtain a copy of their personal data. 
  14. Right not to be subject to automated decision-making
  15. Consumers have the right to opt out of the processing of personal data for profiling purposes.

Connections To Other Laws 

CTDPA resembles a very similar law in Europe. The European Union GDPR law and Digital Services Act strongly resemble CTDPA. For more information about European laws, check out our blog post on the latest EU news. Although Connecticut took longer to address these topics than Europe, it is still one of the leading states in the U.S. for data protection and privacy. 


So, what does this law have to do with marketing? Well, laws like these are changing the entire landscape of today’s marketers. Targeted advertising is a slippery slope. Companies need to tread carefully on who they are targeting, how they are targeting, and when to give notice to users.

As we move forward into this new environment, you can count on SparkShoppe to deliver quality information on all marketing developments. Make sure to stay informed with our blog!

Marketing Trend Tracker - Series 16

February 19, 2025
The tech and social media world is buzzing with fresh updates that could shape the future of innovation and marketing. From Mistral AI's launch of its promising assistant, Le Chat, to Pinterest smashing records with user growth and revenue, there’s no shortage of exciting developments. Meanwhile, Microsoft is making waves in advertising by incorporating LinkedIn Audience Insights into its Performance Max campaigns, opening new doors for marketers. Whether it's advancements in AI or shifts in user behavior across platforms, these stories offer a glimpse into the rapidly evolving digital landscape. Keep reading to uncover the key takeaways and what they mean for the future.
Phone with apps on screen

Farewell to the Feathered Icon: the Duolingo Owl’s Death Breaks the Internet

February 13, 2025
This week, the “death” of an icon has sent shockwaves through the international community. Posts of remembrance have been shared by celebrities and organizations like World Health Organization (WHO), the European Space Agency and Netflix. The icon in question: the Duolingo Owl better known as Duo.
American Football

5 Memorable Super Bowl 2025 Ads

February 13, 2025
Here are five Super Bowl 2025 ads we thought stood out from the crowd!

Breaking the Mold: How TikTok Changed Marketing

January 29, 2025
TikTok’s future might seem uncertain, with debates about potential bans looming. Yet, it’s impossible to overlook the undeniable impact this platform has had on the marketing world. TikTok has completely rewritten the rules of advertising, bringing short-form, engaging, and authentic content to the forefront. It has shattered the traditional mold of polished, scripted advertisements and introduced a new era of storytelling and connection. This isn’t just a fleeting trend. TikTok is a reflection of evolving consumer preferences, pushing brands to adapt or risk irrelevance. It forces marketers to rethink how they advertise and what it means to truly engage audiences. Here’s how TikTok has reshaped marketing strategies across the board.
Image of database room

DeepSeek's Revolutionary Entry into the AI Landscape

January 29, 2025
The world of technology experienced a seismic shift recently with the debut of DeepSeek, an ambitious and innovative Artificial Intelligence platform that’s poised to redefine the field.
hands on keyboard with locks overlayed on the photo

The Ongoing Battle for Net Neutrality

January 14, 2025
The debate over Net Neutrality remains a critical issue, ensuring that Internet Service Providers (ISPs) treat all online data equally without prioritizing certain content or charging for premium access. Recent court rulings and the ongoing political discourse underscore the importance of legislative action to preserve an open and fair Internet, with significant implications for consumers, businesses, and innovation.
More Posts
Share by: