The Connecticut Personal Data Privacy Act (Part 3): What Consumers Should Know featured image

The Connecticut Personal Data Privacy Act (Part 3): What Consumers Should Know

by John DiGiacomo

Partner

Internet Law

At the end of 2024, the Connecticut Personal Data Privacy and Online Monitoring Act (“CPDPA”) will become fully effective.

In other articles related to the CPDPA, the Consumer Data Privacy Lawyers at Revision Legal have provided an overview of the Act and looked closer at what obligations the CPDPA imposes on controllers and processors of personal data. In this article, we examine what rights are granted to Connecticut consumers.

To what consumer data does the Connecticut Personal Data Privacy Act​ apply?

As with similar consumer data privacy statutes, the Connecticut Personal Data Privacy Act​ is aimed at providing some protection for the collection, use, sale, and storage of “consumer personal data.” More specifically, the CPDPA is concerned with personal data that can be used or manipulated in such a manner as to personally identify specific and unique individuals. Thus, the CPDPA does not apply de-identified, anonymized, or disaggregated data and other types of data that cannot be used to uniquely identify a person. Further, publicly available information and data that has been voluntarily released to the public by a consumer are also excluded from the definition of “consumer personal data.”

Also, the CPDPA’s emphasis is on “consumer” data. Thus, the CPDPA does not apply to data collected and processed when a person is acting in an employment capacity — such as applying for a job — or in a commercial capacity — such as when he or she is operating a small business.

All that being said, “consumer personal data” generally includes things like social security numbers, names, addresses, financial and credit card account numbers, and more. Certain personal data is considered “sensitive” personal data. This data includes data with respect to:

  • Racial or ethnic origin
  • Religious beliefs
  • Health condition
  • Sexual habits or orientation
  • Citizenship or immigration status
  • Biometric information
  • Precise geolocation data
  • And more

What consumer rights are granted by the Connecticut Personal Data Privacy Act?​

In broad outline, consumers in Connecticut are given notice, consent, opt-out, correction, deletion, portability, and dispute resolution rights under the CPDPA. With respect to notice rights, businesses that collect and process consumer personal data must provide notices to consumers that are “reasonably accessible, clear, and meaningful.” Among other things, the notices must identify what categories of personal data are being collected, with whom the data is shared, the business purposes for which the data is collected/shared, with whom the data is shared, and more. When businesses sell/share the data or use the data for targeted advertising or in connection with automated decision-making that could have significant effects on the consumer (such as an application for a loan), then the notices must provide that information AND obtain the consumer’s consent for collection and processing of the data. Further, under those conditions, businesses must give the consumer a method of “opting out” of having their information sold or used for targeted advertisement.

Further, businesses must allow consumers to obtain a copy or access to their personal data collected and stored, must allow for correction or deletion of that data, and must possess the data in a format that allows it to be transferred (portability). Businesses must also provide contact information for consumers and must have dispute resolution methods and procedures available for circumstances where a consumer wishes to dispute a decision made by a data controller (such as to deny access, refuse to correct, etc.).

Contact The Consumer Privacy Act Attorneys At Revision Legal

For more information, contact the experienced Consumer Privacy Act Lawyers at Revision Legal. You can contact us through the form on this page or call (855) 473-8474.

Extra, Extra!
Recent Posts

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Copyright

The holders of copyrights for newspapers, magazines, books, and other publications are involved in numerous legal battles with owners of AI modules over alleged copyright infringement. The plaintiff copyright owners claim that the AI large language modules have been trained on huge quantities of copyrighted materials without permission and — most importantly — without payment. […]

Read more about Does the AI-Copyright Legal Fight Represent a National Security Threat?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Corporate

The owners of most small, closely-held businesses negotiate and sign some form of an “Owner’s Agreement.” An important part of such Agreements is the “Buy-Sell” provisions. These are often some of the most difficult to negotiate. The gist of the buy-sell part of the Owners’ Agreement is to establish the rules for what happens if […]

Read more about How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Status on Social Media Moderation Statutes and Cases

Status on Social Media Moderation Statutes and Cases

Internet Law

Social media content moderation by technology platforms was one of the “hot” legal topics in 2023-2024. Three States — California, Texas, and Florida — passed different statutes to either require more content moderation (California) or to limit such moderation (Texas and Florida). All the statutes, in one way or another, demanded more transparency and information […]

Read more about Status on Social Media Moderation Statutes and Cases

Put Revision Legal on your side

Let's Discuss Your Case