Data Laws Reach Connecticut

July 28, 2023

In the recent months, we have seen the rollout worldwide of data laws. Many of them focus on issues of privacy and data protection of individuals. As covered in our blog, the European Union has already made great strides to protect user data. In the United States, Connecticut is now the latest state to pass a data privacy law making it the fifth U.S. state to do so. Read on to find out what the Connecticut Data Privacy Act (CTDPA) consists of and how it will affect you.

The Main Goals of CTDPA

Before going into detail, some key terms are crucial to understanding the new law. Data controllers are mentioned frequently and refer to: “An individual who, or legal entity that, alone or jointly with others determines the purpose and means of processing personal data.” Data Processors, another common term, are “an individual who, or legal entity that processes personal data on behalf of a controller.” These two terms are essential for comprehension. 


CTDPA took effect July 1st, 2023. The overall purpose of the CTDPA is to give Connecticut citizens rights over the processing of their personal data.  The law protects the privacy of Connecticut residents when in the context of personal time, meaning acts committed in the context of employment are not protected.

The CTDPA lays out a clear and comprehensive explanation of its principles. Data minimization is one of the main goals of the law. Collection of personal data should be limited only to what is considered “adequate, relevant, and reasonably necessary” based on the context of the situation.


Another important concern of the law is Purpose Limitation. Personal data should not be processed for unnecessary or unsuitable reasons that do not align with the "disclosed purposes”. In essence, companies must not stray from their original reasons for collecting data without consent of the consumer. 


Lastly, the final major stressor of the CTDPA is Confidentiality and Integrity. Data controllers are not just expected, but required to protect users’ information. Specifically, they must have sufficient security protocols in place.  The level of protection must fit the size and seriousness of the data. The law adds that data has to be processed legally in accordance with federal and state law which forbid discrimination against individuals.

Who Does CTDPA Apply To?

CTDPA is applicable to businesses and individuals that operate in the state. Also it applies to companies that have products or services directed at Connecticut residents. Data processors that facilitate services involving personal data for businesses are also subject to the law. The Attorney General of Connecticut is the office in charge of enforcing the CTDPA. 

Data Controller and Processor Obligations and Penalties 

Data controllers and processors of data are responsible for maintaining requirements of CTDPA. One of the key responsibilities is to de-identify data. Data should not be identifiable to a person; the CTDPA is very strict on this point. Furthermore, data controllers must document a Data Protection Assessment. In this assessment, data controllers are examining data processes that create a heightened risk to consumers like targeted advertising. Children’s data is another point of contention for the CTDPA. Controllers are not permitted to process the data of known children without parental consent, meaning children cannot receive targeted advertising. 

The processing of sensitive data is not allowed either without consent. Sensitive data includes data revealing race, ethnicity, religious beliefs, sexual orientation, citizenship, immigration status, information regarding an individual's mental or physical health condition or diagnosis, the processing of genetic personal data or biometric data, personal data collected from a known child, or precise geolocation data.

Data Subject Rights

Many consumers and businesses might wonder what exactly are the rights of Connecticut residents. CTDPA specifically outlines seven main rights designated to consumers:

  1. Right to be Informed 
  2. Consumers have the right to know if a controller is processing their personal data. 
  3. Controllers are required to provide consumers with a privacy notice. 
  4. Right to Access 
  5.  Consumers have the right to confirm whether or not a controller is processing their data and accessing personal data.
  6. Right to Rectification
  7.  Consumers have the right to correct inaccuracies in their data.
  8. Right to erasure 
  9. Consumers have the right to delete personal data about themselves, regardless of whether it was provided or obtained. 
  10. Right to object/opt out
  11. Consumers have the right to opt out of the processing of personal data for the purpose of targeted advertising, sale of personal data, and profiling for automated decisions. 
  12. Right to data portability 
  13.  Consumers have the right to obtain a copy of their personal data. 
  14. Right not to be subject to automated decision-making
  15. Consumers have the right to opt out of the processing of personal data for profiling purposes.

Connections To Other Laws 

CTDPA resembles a very similar law in Europe. The European Union GDPR law and Digital Services Act strongly resemble CTDPA. For more information about European laws, check out our blog post on the latest EU news. Although Connecticut took longer to address these topics than Europe, it is still one of the leading states in the U.S. for data protection and privacy. 


So, what does this law have to do with marketing? Well, laws like these are changing the entire landscape of today’s marketers. Targeted advertising is a slippery slope. Companies need to tread carefully on who they are targeting, how they are targeting, and when to give notice to users.

As we move forward into this new environment, you can count on SparkShoppe to deliver quality information on all marketing developments. Make sure to stay informed with our blog!

Meta's New Scratch & Sniff Ads: A Game-Changer in Digital Marketing

March 31, 2025
Meta has just launched its latest feature—Scratch & Sniff Ads! Imagine scrolling through your feed and encountering an ad that doesn't just capture your attention visually, but engages your sense of smell.
Glass of Water

Saratoga Spring Water Goes Viral

March 27, 2025
Saratoga Spring Water Goes Viral Thanks to an Influencer’s Unlikely Morning Routine

Shaking Up the Market: The Rise of Spirit-Based RTDs

By Sierra Levine March 25, 2025
While traditional malt-based seltzers once dominated this space, the recent surge in spirit-based RTDs has introduced a new wave of innovation and excitement for consumers. These cocktails-in-a-can are changing the way people enjoy their favorite drinks.

Content Saturation: Cutting Through the Noise

March 20, 2025
Do you ever feel like your content is a whisper in an endless buzz of content? No matter how many blogs, videos, or social media posts you create, it’s just not reaching your audience. Welcome to content saturation, the digital version of rush-hour traffic - where everyone is trying to get somewhere, but most of us are just stuck in the jam.
Computer circuit board

Marketing Trend Tracker - Series 17

March 20, 2025
Discover how AI advancements like Meta’s proprietary AI chips and LinkedIn’s Predictive Audiences, plus March Madness campaigns, are revolutionizing marketing.

Your Website, Your Way: Vibe Coding for Marketing

March 20, 2025
It’s no secret that many industries are integrating artificial intelligence into their daily operations. According to a recent McKinsey study, 92 percent of companies plan to invest more in generative AI over the next three years. This trend is making traditionally complex fields like coding more approachable, even for those without prior experience. “Vibe coding,” a term popularized by former Tesla AI executive Andrej Karpathy, uses Large Language Models (LLMs) like ChatGPT to generate code from natural language prompts, where developers describe the intended behavior rather than writing precise code. While this offers clear benefits for developers, how can marketers leverage vibe coding to improve their day-to-day operations?
More Posts
Share by: