Data Laws Reach Connecticut

July 28, 2023

In the recent months, we have seen the rollout worldwide of data laws. Many of them focus on issues of privacy and data protection of individuals. As covered in our blog, the European Union has already made great strides to protect user data. In the United States, Connecticut is now the latest state to pass a data privacy law making it the fifth U.S. state to do so. Read on to find out what the Connecticut Data Privacy Act (CTDPA) consists of and how it will affect you.

The Main Goals of CTDPA

Before going into detail, some key terms are crucial to understanding the new law. Data controllers are mentioned frequently and refer to: “An individual who, or legal entity that, alone or jointly with others determines the purpose and means of processing personal data.” Data Processors, another common term, are “an individual who, or legal entity that processes personal data on behalf of a controller.” These two terms are essential for comprehension. 


CTDPA took effect July 1st, 2023. The overall purpose of the CTDPA is to give Connecticut citizens rights over the processing of their personal data.  The law protects the privacy of Connecticut residents when in the context of personal time, meaning acts committed in the context of employment are not protected.

The CTDPA lays out a clear and comprehensive explanation of its principles. Data minimization is one of the main goals of the law. Collection of personal data should be limited only to what is considered “adequate, relevant, and reasonably necessary” based on the context of the situation.


Another important concern of the law is Purpose Limitation. Personal data should not be processed for unnecessary or unsuitable reasons that do not align with the "disclosed purposes”. In essence, companies must not stray from their original reasons for collecting data without consent of the consumer. 


Lastly, the final major stressor of the CTDPA is Confidentiality and Integrity. Data controllers are not just expected, but required to protect users’ information. Specifically, they must have sufficient security protocols in place.  The level of protection must fit the size and seriousness of the data. The law adds that data has to be processed legally in accordance with federal and state law which forbid discrimination against individuals.

Who Does CTDPA Apply To?

CTDPA is applicable to businesses and individuals that operate in the state. Also it applies to companies that have products or services directed at Connecticut residents. Data processors that facilitate services involving personal data for businesses are also subject to the law. The Attorney General of Connecticut is the office in charge of enforcing the CTDPA. 

Data Controller and Processor Obligations and Penalties 

Data controllers and processors of data are responsible for maintaining requirements of CTDPA. One of the key responsibilities is to de-identify data. Data should not be identifiable to a person; the CTDPA is very strict on this point. Furthermore, data controllers must document a Data Protection Assessment. In this assessment, data controllers are examining data processes that create a heightened risk to consumers like targeted advertising. Children’s data is another point of contention for the CTDPA. Controllers are not permitted to process the data of known children without parental consent, meaning children cannot receive targeted advertising. 

The processing of sensitive data is not allowed either without consent. Sensitive data includes data revealing race, ethnicity, religious beliefs, sexual orientation, citizenship, immigration status, information regarding an individual's mental or physical health condition or diagnosis, the processing of genetic personal data or biometric data, personal data collected from a known child, or precise geolocation data.

Data Subject Rights

Many consumers and businesses might wonder what exactly are the rights of Connecticut residents. CTDPA specifically outlines seven main rights designated to consumers:

  1. Right to be Informed 
  2. Consumers have the right to know if a controller is processing their personal data. 
  3. Controllers are required to provide consumers with a privacy notice. 
  4. Right to Access 
  5.  Consumers have the right to confirm whether or not a controller is processing their data and accessing personal data.
  6. Right to Rectification
  7.  Consumers have the right to correct inaccuracies in their data.
  8. Right to erasure 
  9. Consumers have the right to delete personal data about themselves, regardless of whether it was provided or obtained. 
  10. Right to object/opt out
  11. Consumers have the right to opt out of the processing of personal data for the purpose of targeted advertising, sale of personal data, and profiling for automated decisions. 
  12. Right to data portability 
  13.  Consumers have the right to obtain a copy of their personal data. 
  14. Right not to be subject to automated decision-making
  15. Consumers have the right to opt out of the processing of personal data for profiling purposes.

Connections To Other Laws 

CTDPA resembles a very similar law in Europe. The European Union GDPR law and Digital Services Act strongly resemble CTDPA. For more information about European laws, check out our blog post on the latest EU news. Although Connecticut took longer to address these topics than Europe, it is still one of the leading states in the U.S. for data protection and privacy. 


So, what does this law have to do with marketing? Well, laws like these are changing the entire landscape of today’s marketers. Targeted advertising is a slippery slope. Companies need to tread carefully on who they are targeting, how they are targeting, and when to give notice to users.

As we move forward into this new environment, you can count on SparkShoppe to deliver quality information on all marketing developments. Make sure to stay informed with our blog!

NewFronts and Upfronts 2025

May 28, 2025
For decades, TV Networks and Media outlets have used this time of year to announce large-scale changes launching in the coming months. Known as Upfronts and NewFronts, these events serve as the catalyst for change within the advertising industry. Upfronts tends to cater more towards television, streaming sites, etc., while NewFronts features social media’s household names like Meta and Snapchat. Read on to see what the biggest names in streaming, social media and television have in the works.
Woman on her phone

Marketing Trend Tracker - Series 19

May 15, 2025
The rapidly changing world of marketing and technology is ushering in significant trends reshaping how brands connect with audiences. Recently, established companies have been venturing into standalone app creation to address niche consumer needs, as seen with Instagram's "Edits" app for video creators and Instacart's "Fizz" app simplifying party planning. Meanwhile, advertising options are rapidly expanding both online and in-store, with Hy-Vee's partnership with Grocery TV revolutionizing retail media and LinkedIn launching advanced video ad tools to capitalize on rising engagement. Together, these developments underscore a broader shift towards personalized, data-driven strategies. Read on to see how companies are meeting the growing expectations of today’s consumers.

Public Relations and Marketing: Better Together

May 6, 2025
Marketing attracts your audience. Public Relations (PR) earns their trust. Alone, they're valuable. Together? They're pure gold. But too often, these two essential teams often work in isolation, leaving incredible opportunities on the table. It's time to move beyond these separate efforts and learn how to align them and embrace the power of their unified strength.
Post-It Note Stating Gen Z

Marketing Trend Tracker - Series 18

April 28, 2025
This installment of the Trend Tracker Series examines how the Gen Z effect is reshaping brand strategies around the world.

Size Matters: 2025 Social Sizing Guide

April 22, 2025
Perfecting your social media game starts with nailing one key detail: sizing. From profile pics to post images, every platform has unique size requirements. To make your content shine, you need to know these dimensions inside and out. Want to become a pro at perfecting post sizes? Check out these tips and tools to level up your social media game! Mastering social media sizes in 2025 doesn’t mean memorizing every pixel. Instead, cheat sheets are your best friend! Hootsuite’s updated 2025 guide offers a detailed list of image sizes across platforms, covering all your organic social media needs.

The Best Times To Post In 2025

April 21, 2025
The landscape of social media user activity continues to evolve in 2025, bringing new opportunities to fine-tune your posting strategy. Knowing when your audience is most active can help boost your organic reach. Across social media, the best time to post is on mid-week days, Wednesday and Thursday, from 7 am to 9am, 1 pm to 3 pm, and 7 pm to 9 pm. However, platforms tend to differ in what times are optimal. Check out the results from the following social media sites:
More Posts