Connecticut has become the second state where residents will be able to request data brokers delete their personal information through a centralized, state-run platform.
Connecticut Governor Ned Lamont (D) on Thursday signed a new privacy law which significantly strengthened protections for personal data in the state by banning sales of users’ precise location, creating disclosure requirements for data brokers, bolstering safeguards for genetic data, and restricting companies’ ability to use personal information to set personalized prices for consumers, according to a spokesperson from Lamont’s office.
Under the law, Connecticut will require data brokers to register with the state, disclose how they responded to residents’ requests to delete their personal information, and check the state-built deletion platform every 45 days for new requests. The requirements closely mirror obligations brokers face in California to register with the state’s Delete Request and Opt-Out Platform, known as DROP, and honor residents’ requests to get rid of their personal information.
The law also prohibits retail sellers and third-party delivery services from using personal data, browsing history, or location to set prices. Other businesses are required to disclose when they’ve used a price-setting device to increase prices based on consumers’ personal data. Connecticut is the latest state seeking to regulate companies’ use of personal details about consumers to dictate prices, with some requiring disclosures and others weighing bans of the practice.
“This new privacy law will help protect consumers from imminent harm to their safety, autonomy, and finances by making it harder to stalk people, steal their identity, or engage in hyper-targeted marketing for scams,” Matt Schwartz, senior policy analyst at Consumer Reports, said in a statement.
Connecticut’s new law includes restrictions around businesses’ use of facial recognition technology and gave consumers additional control over their genetic data, as well.
The additions to the state’s privacy requirements take effect on Oct. 1. Companies will also have to comply with other changes to Connecticut‘s privacy law in July that are set to expand the range of companies that have to comply with state requirements, create new restrictions for businesses’ use of sensitive data, and prohibit targeted advertising for minors.
Learn more about Bloomberg Law or Log In to keep reading:
See Breaking News in Context
Bloomberg Law provides trusted coverage of current events enhanced with legal analysis.
Already a subscriber?
Log in to keep reading or access research tools and resources.