The Connecticut Attorney General’s Office (“OAG”) has released a Report on the status of Connecticut’s Data Privacy Act (“CTDPA”), which took effect on July 1, 2023. The Report covers complaints, inquiries, and early enforcement activities under the CTDPA.
The Report indicates that the OAG has issued over a dozen notices of violation of the CTDPA and a number of broader information requests to companies in a variety of industries, including retail, grocery, fitness, event services, career services, parenting technologies, car companies, genetics testing, and home improvement.
The Report highlights the OAG’s enforcement priorities in the following areas:
- Privacy policies (e.g., inadequate, confusing, or missing disclosures; ineffective rights mechanisms);
- Sensitive data (e.g., health data, biometric data, children’s data, and precise geolocation data);
- Teens’ data (e.g., regarding collection, targeting advertising, consent);
- Data brokers.
The Report also includes the OAG’s recommendations for strengthening the CTDPA, such as narrowing the law’s entity-level exceptions. The Report is also significant in that the AG’s office notes that it may pursue enforcement against companies already under investigation by the FTC.