Attorney General William Tong has informed Connecticut residents and businesses about the upcoming changes in data privacy rights under the Connecticut Data Privacy Act (CTDPA). These changes will be effective from January 1, 2025.
Tong stated, “We’re all familiar now with the ‘ask site not to track’ pop-ups. Starting January 1, you can install a simple browser extension to answer that question once and for all—and sites you visit will be responsible for knowing and following your preference. This is a key step forward for consumer privacy rights, and I urge consumers on January 1 to take advantage of this right to control their data.”
The CTDPA was established in July of last year as one of the first comprehensive consumer privacy laws in the United States. One of its critical provisions includes honoring global opt-out preference signals (OOPS) sent by consumers. This allows individuals to opt out of targeted advertising and personal data sales across online activities.
From January 1, 2025, Connecticut residents can use various platforms to send OOPS signals to websites indicating their decision to opt out of targeted ads and data sales. These signals are automatically sent through tools like the Global Privacy Control via privacy-focused browsers or extensions.
Businesses affected by the CTDPA must respond to these OOPS signals accurately identifying if the user is a Connecticut resident. Even if there are conflicting privacy choices previously made by consumers or involvement in loyalty programs, businesses must adhere to OOPS but may notify users about these conflicts.
Additionally, businesses subject to CTDPA are required from January 1, 2025, to treat browser-submitted privacy preferences as requests against sales or targeted advertising. However, not all Connecticut businesses fall under CTDPA due to specific revenue thresholds and industry exemptions such as those regulated under HIPAA.
For further details regarding CTDPA provisions, individuals can refer to Attorney General’s FAQ page.