Partner
In 2022, Connecticut enacted its version of a consumer data privacy act officially called the Connecticut Personal Data Privacy and Online Monitoring Act (“CPDPA”). It is unclear why Connecticut lawmakers used the words “online monitoring” in the statute’s name since the words do not appear together anywhere else in the text of the Act.
In any event, at the time of enactment, Connecticut was the fifth State to enact such a law. As of early 2024, eleven versions of these privacy acts have been enacted, with all of them currently in force or coming into force by the end of 2024. Most of the provisions of the CPDPA have become effective as of late 2023/early 2024. The remainder of the Act will be fully effective as of December 31, 2024. That is also the date on which the Act’s grace period for non-compliance expires.
In this Part One of articles related to the CPDPA, the Consumer Data Privacy Lawyers at Revision Legal provide a “high altitude” overview of the CPDPA with a few comments on how it compares to similar statutes. In related articles, we examine various obligations imposed by the CPDPA on businesses, what rights are granted to consumers, how rights are exercised, and other aspects of the Act.
Is the CPDPA “friendly” to consumers or businesses?
On the spectrum of “friendliness” to consumers or businesses, the CPDPA lies towards the middle of the spectrum. For example, the CPDPA applies to businesses:
On the side of being “business-friendly,” for these thresholds, the CPDPA excludes data processed solely for processing payment transactions. That is a large chunk of data processing that is eliminated when determining applicability. So, this can be seen as “business-friendly.” By contrast, the “25% of gross revenue” threshold is much lower than in similar statutes. So, this can be seen as “consumer friendly.”
For another couple of examples, the CPDPA can be seen as “business friendly” by not permitting any sort of private right of action for consumers. However, the Act can be seen as “consumer friendly” by deeming violations of the CPDPA to be violations of Connecticut’s unfair trade practices statutes. Such statutes impose substantial penalties if violations are proven. Whether the CPDPA will be “business-friendly” or “consumer-friendly” will ultimately be determined by how the Connecticut Attorney General enforces the Act.
What is the framework of the Connecticut Personal Data Privacy Act?
The framework of the Connecticut Personal Data Privacy Act is similar to that used in other privacy statutes. That is, the CPDPA defines “consumer data” and focuses on “controllers” and “processors” of that data. Consumers are given certain rights with respect to how their data is processed, and various obligations are imposed on “controllers” and “processors.”
What obligations are imposed by the Connecticut Personal Data Privacy Act?
In many respects, the obligations imposed by the CPDPA on businesses — “controllers” and “processors” — overlap with the obligations imposed by similar statutes. These include giving notices to consumers, obtaining consent, limiting the processing of data, ensuring cybersecurity, etc. Some of the more onerous requirements are imposed — such as the need for written data protection assessments for processing activities that present “a heightened risk of harm to a consumer.” Some of the newer requirements are also imposed — such as the requirement that businesses accept a consumer’s privacy and opt-out choices “signaled” by technology, software, and/or platforms such as browser settings. In another article related to the Connecticut Personal Data Privacy Act, we delve into the details.
What consumer rights are granted by the Connecticut Personal Data Privacy Act?
As with obligations, the rights granted to consumers by the Connecticut Personal Data Privacy Act overlap with the rights granted by similar statutes. The rights include the right to receive notices, to give (or withhold) consent, to have dispute resolution, to be free from retaliation, and more. We delve into more detail in a related article.
Contact the Consumer Privacy Act Attorneys at Revision Legal
For more information, contact the experienced Consumer Privacy Act Lawyers at Revision Legal. You can contact us through the form on this page or call (855) 473-8474.
The answer to this question is complex and nuanced. In the last decade or so, it has become fashionable to insist there is some stark dichotomy between what a trademark is and what a brand is. But the difference is not as stark as some marketers would like you to believe. The traditional definition of […]
Read more about Is a “Trademark” the Same Thing as a “Brand”?
The Circle R and the TM symbols both relate to trademarks and both can be physically placed on products, packaging, advertising materials, websites, etc. The Circle R symbol is an “R” enclosed in a circle (®). While both are trademark-related symbols, there are different eligibility requirements for use, meanings, and implications. Here is a quick […]
Read more about Trademarks: What is the Difference Between the Circle R and TM Symbols?
E-commerce businesses must comply with federal and State-level advertising laws and regulations. This is true of any business. But e-commerce businesses face special challenges because there is a whole array of potential methods of innocently, accidentally, or intentionally violating advertising laws. These include the potential to engage in false and deceptive advertising practices, such as […]
Read more about Is Your E-Commerce Advertising in Compliance With Existing Laws?