WHAT THIS BILL REGULATES · 4 REQUIREMENT TYPES
How Is This Bill Enforced
Verbatim statutory text on the left; plain-language analysis and a per-section checklist on the right. Numbered markers cross-link to the matching checklist row.
(a) As used in this section: (1) "AlgorithmAlgorithm"Algorithm" means any computational automated process that uses a set of rules to define a sequence of operations.Section 11(a)(1)" means any computational automated process that uses a set of rules to define a sequence of operations; (2) "ConsumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8)" means any individual who is physically present in the state; (3) "ConsumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) good" means any article that is purchased, leased, exchanged or received primarily for personal, family or household purposes; (4) "ConsumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) service" means any service that is purchased, leased, exchanged or received primarily for personal, family or household purposes; (5) "ControllerController"Controller" means a person who, alone or jointly with others, determines the purpose and means of processing personal data.Conn. Gen. Stat. § 42-515(11)" has the same meaning as provided in section 42-515 of the general statutes, as amended by this act; (6) "PersonPerson"Person" means any individual, association, corporation, limited liability company, partnership, trust or other legal entity.Section 11(a)(6)" means any individual, association, corporation, limited liability company, partnership, trust or other legal entity; (7) "Personalized algorithmic pricingPersonalized algorithmic pricing"Personalized algorithmic pricing" means any process that uses an algorithm to establish a price for a consumer good or consumer service based in whole or in part on personal data.Section 11(a)(7)" means any process that uses an algorithmAlgorithm"Algorithm" means any computational automated process that uses a set of rules to define a sequence of operations.Section 11(a)(1) to establish a price for a consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) good or consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) service based in whole or in part on personal dataPersonal data"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable individual. "Personal data" does not include de-identified data or publicly available information.Conn. Gen. Stat. § 42-515(28); and (8) "Personal dataPersonal data"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable individual. "Personal data" does not include de-identified data or publicly available information.Conn. Gen. Stat. § 42-515(28)" (A) means any information that is linked or reasonably linkable to an identified or identifiable consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) or a device linked to such consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8), and (B) does not include [de-identified data and certain publicly available information].
(b)(1)–(2) 1 Except as provided in subdivision (3) of this subsection, a personPerson"Person" means any individual, association, corporation, limited liability company, partnership, trust or other legal entity.Section 11(a)(6) who establishes a price for a specific consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) good or consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) service by using personalized algorithmic pricingPersonalized algorithmic pricing"Personalized algorithmic pricing" means any process that uses an algorithm to establish a price for a consumer good or consumer service based in whole or in part on personal data.Section 11(a)(7), and who directly or indirectly advertises or promotes such price, labels a consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) good with such price or publishes a statement, display, image, offer or announcement disclosing such price, shall include in such advertisement, promotion, label, statement, display, image, offer or announcement the following disclosure: "THIS PRICE WAS SET BY AN ALGORITHMAlgorithm"Algorithm" means any computational automated process that uses a set of rules to define a sequence of operations.Section 11(a)(1) USING YOUR PERSONAL DATAPersonal data"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable individual. "Personal data" does not include de-identified data or publicly available information.Conn. Gen. Stat. § 42-515(28)". (2) The disclosure required under subdivision (1) of this subsection shall (A) be made in the same medium in which such advertisement, promotion, label, statement, display, image, offer or announcement is made, and (B) (i) if such disclosure is made by audio means, be readily audible to the average consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8), (ii) if such disclosure is made by visual means, be readily visible to the average consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8), or (iii) if such disclosure is made by audiovisual means, be readily audible and visible to the average consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8).
(b)(3) The provisions of subdivision (1) of this subsection shall not apply to: (A) Any personPerson"Person" means any individual, association, corporation, limited liability company, partnership, trust or other legal entity.Section 11(a)(6) licensed, authorized to operate or registered, or required to be licensed, authorized to operate or registered, pursuant to the insurance laws of this state; (B) Any financial institution or affiliate thereof, as such terms are defined in 15 USC 6809, as amended from time to time, to the extent such financial institution or affiliate is subject to Title V of the Gramm-Leach-Bliley Act, 15 USC 6801 et seq., as amended from time to time; (C) Any bank, holding company or out-of-state bank, as such terms are defined in section 36a-2 of the general statutes, or out-of-state holding company, as defined in section 36a-410 of the general statutes, that directly or indirectly establishes an office in the state and is subject to the supervision of, or regulation by, the Banking Commissioner pursuant to title 36a of the general statutes; or (D) Any personPerson"Person" means any individual, association, corporation, limited liability company, partnership, trust or other legal entity.Section 11(a)(6) who offers a consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) good or consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) service to a consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) who has entered into a subscription-based contract or agreement at a price that is less than the price specified for the consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) good or consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) service in such contract or agreement.
(c) Any violation of the provisions of subsection (b) of this section shall constitute an unfair or deceptive trade practice for the purposes of subsection (a) of section 42-110b of the general statutes.
Section 11 creates a new standalone disclosure regime for personalized algorithmic pricing — i.e., any process that uses an algorithm to set the price of a consumer good or service based in whole or in part on personal data. Any person who uses such pricing and advertises, labels, or otherwise publishes the price must include the verbatim disclosure "THIS PRICE WAS SET BY AN ALGORITHM USING YOUR PERSONAL DATA" in the same medium as the price, with audio/visual/audiovisual conformity requirements.
The provision exempts insurance entities, GLBA-regulated financial institutions, banks supervised by the Connecticut Banking Commissioner, and subscription discount pricing. Violations are enforced as unfair or deceptive trade practices under § 42-110b (CUTPA), exposing violators to the full CUTPA remedy stack including private actions, actual and punitive damages, and attorney's fees.
(a)(6)(E) 2 if the profilingProfiling"Profiling" means any form of automated processing performed on personal data to evaluate, analyze or predict personal aspects related to an identified or identifiable individual's economic situation, health, personal preferences, interests, reliability, behavior, location or movements.Conn. Gen. Stat. § 42-515(32) decision concerned denial of an employment opportunity, taking into account the nature of the personal dataPersonal data"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable individual. "Personal data" does not include de-identified data or publicly available information.Conn. Gen. Stat. § 42-515(28) and the purposes for which such personal dataPersonal data"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable individual. "Personal data" does not include de-identified data or publicly available information.Conn. Gen. Stat. § 42-515(28) were processed, allow the consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) to be informed whether any personal dataPersonal data"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable individual. "Personal data" does not include de-identified data or publicly available information.Conn. Gen. Stat. § 42-515(28) processed for the purposes of such profilingProfiling"Profiling" means any form of automated processing performed on personal data to evaluate, analyze or predict personal aspects related to an identified or identifiable individual's economic situation, health, personal preferences, interests, reliability, behavior, location or movements.Conn. Gen. Stat. § 42-515(32) were submitted by a third party, allow the consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) to correct any incorrect personal dataPersonal data"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable individual. "Personal data" does not include de-identified data or publicly available information.Conn. Gen. Stat. § 42-515(28) submitted by a third party that were processed for purposes of such profilingProfiling"Profiling" means any form of automated processing performed on personal data to evaluate, analyze or predict personal aspects related to an identified or identifiable individual's economic situation, health, personal preferences, interests, reliability, behavior, location or movements.Conn. Gen. Stat. § 42-515(32) and have the profilingProfiling"Profiling" means any form of automated processing performed on personal data to evaluate, analyze or predict personal aspects related to an identified or identifiable individual's economic situation, health, personal preferences, interests, reliability, behavior, location or movements.Conn. Gen. Stat. § 42-515(32) decision reevaluated based on the corrected personal dataPersonal data"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable individual. "Personal data" does not include de-identified data or publicly available information.Conn. Gen. Stat. § 42-515(28)
Section 14 amends the CTDPA's consumer rights section to add a new right (subparagraph (E)) for consumers whose personal data was processed via profiling that produced an automated decision denying an employment opportunity. The new right entitles the consumer to: (i) be informed whether any of the profiling input data was submitted by a third party, (ii) correct any incorrect third-party data, and (iii) have the profiling decision re-evaluated using the corrected data. This is a meaningful expansion beyond the existing housing-only correction-and-reevaluation right (subparagraph (D)).
This obligation runs to controllers using AI/automated profiling in hiring decisions and creates a contestation pathway distinct from the general right to opt out of profiling.
(a)(2) The provisions of subdivision (1) of this subsection shall not be construed to excuse a controllerController"Controller" means a person who, alone or jointly with others, determines the purpose and means of processing personal data.Conn. Gen. Stat. § 42-515(11) from performing the controllerController"Controller" means a person who, alone or jointly with others, determines the purpose and means of processing personal data.Conn. Gen. Stat. § 42-515(11)'s duties in response to the exercise of a consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8)'s rights afforded under subdivision (6) of subsection (a) of section 42-518, as amended by this act, insofar as such controllerController"Controller" means a person who, alone or jointly with others, determines the purpose and means of processing personal data.Conn. Gen. Stat. § 42-515(11) is processing the consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8)'s personal dataPersonal data"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable individual. "Personal data" does not include de-identified data or publicly available information.Conn. Gen. Stat. § 42-515(28) by automated means for purposes of profilingProfiling"Profiling" means any form of automated processing performed on personal data to evaluate, analyze or predict personal aspects related to an identified or identifiable individual's economic situation, health, personal preferences, interests, reliability, behavior, location or movements.Conn. Gen. Stat. § 42-515(32) in furtherance of a solely automated decision that results in the provision or denial by the controllerController"Controller" means a person who, alone or jointly with others, determines the purpose and means of processing personal data.Conn. Gen. Stat. § 42-515(11) to the consumer of any employment opportunity.
Section 13 narrows the CTDPA's entity-level exemptions (covered entities, financial institutions, etc.) by carving out a specific category: those exemptions do not excuse a controller from honoring a consumer's profiling rights under § 42-518(a)(6) when the controller is using automated profiling to make a solely automated decision denying an employment opportunity. The effect is that even otherwise-exempt entities (e.g., HIPAA covered entities, GLBA institutions) must comply with the new employment-profiling contestation rights in Section 14.
(a)(2)(A) 3 Notwithstanding the provisions of subparagraph (I) of subdivision (1) of this subsection, no controllerController"Controller" means a person who, alone or jointly with others, determines the purpose and means of processing personal data.Conn. Gen. Stat. § 42-515(11), processorProcessor"Processor" means a person who processes personal data on behalf of a controller.Conn. Gen. Stat. § 42-515(31) or consumer health data controllerConsumer health data controller"Consumer health data controller" means any controller that, alone or jointly with others, determines the purpose and means of processing consumer health data.Conn. Gen. Stat. § 42-515(10) shall use any facial recognition technologyFacial recognition technology"Facial recognition technology" means any technology that (A) analyzes facial features in still images or video, and (B) is used (i) to assign a unique persistent identifier, or (ii) to uniquely and personally identify a specific individual.Conn. Gen. Stat. § 42-515(17) to prevent, detect, protect against or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities or any illegal activity, preserve the integrity or security of systems or investigate, report or prosecute those responsible for any such action, unless: (i) Such facial recognition technologyFacial recognition technology"Facial recognition technology" means any technology that (A) analyzes facial features in still images or video, and (B) is used (i) to assign a unique persistent identifier, or (ii) to uniquely and personally identify a specific individual.Conn. Gen. Stat. § 42-515(17) is used exclusively by such controllerController"Controller" means a person who, alone or jointly with others, determines the purpose and means of processing personal data.Conn. Gen. Stat. § 42-515(11), processorProcessor"Processor" means a person who processes personal data on behalf of a controller.Conn. Gen. Stat. § 42-515(31) or consumer health data controllerConsumer health data controller"Consumer health data controller" means any controller that, alone or jointly with others, determines the purpose and means of processing consumer health data.Conn. Gen. Stat. § 42-515(10) to match still images or video to a database maintained exclusively by such controllerController"Controller" means a person who, alone or jointly with others, determines the purpose and means of processing personal data.Conn. Gen. Stat. § 42-515(11), processorProcessor"Processor" means a person who processes personal data on behalf of a controller.Conn. Gen. Stat. § 42-515(31) or consumer health data controllerConsumer health data controller"Consumer health data controller" means any controller that, alone or jointly with others, determines the purpose and means of processing consumer health data.Conn. Gen. Stat. § 42-515(10); and (ii) clearly legible signage is posted, at each entrance to the premises where the facial recognition technologyFacial recognition technology"Facial recognition technology" means any technology that (A) analyzes facial features in still images or video, and (B) is used (i) to assign a unique persistent identifier, or (ii) to uniquely and personally identify a specific individual.Conn. Gen. Stat. § 42-515(17) described in subparagraph (A)(i) of this subdivision is in use, (I) alerting consumersConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) entering such premises that facial recognition technologyFacial recognition technology"Facial recognition technology" means any technology that (A) analyzes facial features in still images or video, and (B) is used (i) to assign a unique persistent identifier, or (ii) to uniquely and personally identify a specific individual.Conn. Gen. Stat. § 42-515(17) is in use at such premises, and (II) that includes a conspicuous hyperlink or quick response code that directs consumersConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) to the privacy policy maintained by such controllerController"Controller" means a person who, alone or jointly with others, determines the purpose and means of processing personal data.Conn. Gen. Stat. § 42-515(11), processorProcessor"Processor" means a person who processes personal data on behalf of a controller.Conn. Gen. Stat. § 42-515(31) or consumer health data controllerConsumer health data controller"Consumer health data controller" means any controller that, alone or jointly with others, determines the purpose and means of processing consumer health data.Conn. Gen. Stat. § 42-515(10).
(a)(2)(B) 4 Each privacy policy maintained pursuant to subparagraph (A)(ii)(II) of this subdivision shall require the controllerController"Controller" means a person who, alone or jointly with others, determines the purpose and means of processing personal data.Conn. Gen. Stat. § 42-515(11), processorProcessor"Processor" means a person who processes personal data on behalf of a controller.Conn. Gen. Stat. § 42-515(31) or consumer health data controllerConsumer health data controller"Consumer health data controller" means any controller that, alone or jointly with others, determines the purpose and means of processing consumer health data.Conn. Gen. Stat. § 42-515(10) to: (i) Enable a consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) to (I) readily determine whether the consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) is included in the database described in subparagraph (A)(i) of this subdivision, and (II) if the consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) is included in such database, submit to such controllerController"Controller" means a person who, alone or jointly with others, determines the purpose and means of processing personal data.Conn. Gen. Stat. § 42-515(11), processorProcessor"Processor" means a person who processes personal data on behalf of a controller.Conn. Gen. Stat. § 42-515(31) or consumer health data controllerConsumer health data controller"Consumer health data controller" means any controller that, alone or jointly with others, determines the purpose and means of processing consumer health data.Conn. Gen. Stat. § 42-515(10) a written request that such consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) be removed from such database; and (ii) not later than fifteen days after such controllerController"Controller" means a person who, alone or jointly with others, determines the purpose and means of processing personal data.Conn. Gen. Stat. § 42-515(11), processorProcessor"Processor" means a person who processes personal data on behalf of a controller.Conn. Gen. Stat. § 42-515(31) or consumer health data controllerConsumer health data controller"Consumer health data controller" means any controller that, alone or jointly with others, determines the purpose and means of processing consumer health data.Conn. Gen. Stat. § 42-515(10) receives a written request submitted under subparagraph (B)(i)(II) of this subdivision, (I) either grant or deny such request, and (II) send a written notice to the consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) who submitted such request disclosing such controllerController"Controller" means a person who, alone or jointly with others, determines the purpose and means of processing personal data.Conn. Gen. Stat. § 42-515(11)'s, processorProcessor"Processor" means a person who processes personal data on behalf of a controller.Conn. Gen. Stat. § 42-515(31)'s or consumer health data controllerConsumer health data controller"Consumer health data controller" means any controller that, alone or jointly with others, determines the purpose and means of processing consumer health data.Conn. Gen. Stat. § 42-515(10)'s decision, the reasons therefor and, if such controllerController"Controller" means a person who, alone or jointly with others, determines the purpose and means of processing personal data.Conn. Gen. Stat. § 42-515(11), processorProcessor"Processor" means a person who processes personal data on behalf of a controller.Conn. Gen. Stat. § 42-515(31) or consumerConsumer"Consumer" means an individual who is a resident of this state. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit organization or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit organization or government agency.Conn. Gen. Stat. § 42-515(8) health controllerController"Controller" means a person who, alone or jointly with others, determines the purpose and means of processing personal data.Conn. Gen. Stat. § 42-515(11) denied such request, contact information for the office of the Attorney General.
Section 17 adds a new subdivision (2) to § 42-524(a) restricting controllers, processors, and consumer health data controllers from using facial recognition technology under the CTDPA's existing fraud-prevention/security-incident exception unless two conditions are met: (i) the FRT is used only against a database the entity itself maintains, and (ii) the entity posts clearly legible signage at every entrance to the premises alerting consumers and linking to a privacy policy.
The required privacy policy must enable consumers to determine whether they appear in the FRT database, request removal in writing, and receive a written grant/denial decision within 15 days that includes the AG's contact information if denied. This is a substantive transparency-and-consumer-rights regime layered on top of the CTDPA framework specifically for FRT deployments.
§ 42-520(a)(3) 5 No controllerController"Controller" means a person who, alone or jointly with others, determines the purpose and means of processing personal data.Conn. Gen. Stat. § 42-515(11) shall sell, share or transfer, or allow any other personPerson"Person" means any individual, association, corporation, limited liability company, partnership, trust or other legal entity.Section 11(a)(6) to access, precise geolocation data.
§ 42-521(a)(2) 5 No processorProcessor"Processor" means a person who processes personal data on behalf of a controller.Conn. Gen. Stat. § 42-515(31) shall sell, share or transfer, or allow any other personPerson"Person" means any individual, association, corporation, limited liability company, partnership, trust or other legal entity.Section 11(a)(6) to access, precise geolocation data.
Sections 15 and 16 add parallel prohibitions barring controllers (§ 42-520(a)(3)) and processors (§ 42-521(a)(2)) from selling, sharing, or transferring precise geolocation data, or allowing any other person to access it. This is a hard ban — not consent-gated — and applies regardless of consumer authorization. Although precise geolocation is not AI-specific, it is the kind of input that powers profiling, automated decisioning, and personalized algorithmic pricing under this same bill.