Connecticut Overhauls Data Privacy Law with New AI and Consumer Protections

3 min readSources: National Law Review

Connecticut’s revamped Data Privacy Act with new AI and consumer provisions takes effect October 1, 2026.

Why it matters: Legal and compliance teams must navigate sweeping changes affecting consumer privacy and business data handling in Connecticut. This update signals a broader trend of state-level privacy regulation with specialized AI requirements.

  • Governor Ned Lamont signed Senate Bill 4 on May 27, 2026, amending Connecticut’s Data Privacy Act.
  • The amendments take effect October 1, 2026, including a data broker registry and consumer data deletion rights.
  • New rules ban use of personal data for pricing and forbid sale of precise geolocation data of residents.
  • AI developers face transparency, disclosure duties, especially for employment-related AI effective October 1, 2027.
  • Direct-to-consumer genetic testing companies must now obtain consumer consent before using genetic data.

On May 27, 2026, Connecticut Governor Ned Lamont signed Senate Bill 4 (SB 4), introducing significant amendments to the Connecticut Data Privacy Act (CTDPA). The revisions, effective October 1, 2026, expand and strengthen consumer data protections and impose new compliance requirements on businesses operating in Connecticut, a key market in the United States (Mintz).

SB 4 establishes a data broker registry that mandates data brokers to register with the state and provide consumers with an accessible mechanism to delete their personal data. The law also prohibits businesses from leveraging personal data to determine pricing for goods and services, effectively barring discriminatory pricing practices (InsidePrivacy).

Additionally, the sale of precise geolocation data of Connecticut residents is banned, responding to growing privacy concerns around location tracking (Wilson Sonsini).

Direct-to-consumer genetic testing companies now face explicit requirements to obtain consumer consent before collecting, using, or disclosing genetic information, placing consumer autonomy at the forefront of sensitive data handling (InsidePrivacy).

The amendments also pioneer comprehensive rules for artificial intelligence technologies. Developers and deployers must ensure transparency and disclose relevant information, particularly for AI systems used in employment decisions. These AI provisions take effect October 1, 2026, with employment-related AI obligations applying for systems deployed on or after October 1, 2027 (Holland & Knight).

Connecticut’s Attorney General William Tong underscored the state's commitment to data privacy enforcement, highlighting active investigations into online platforms focusing on children’s safety online (Connecticut Attorney General).

These reforms align Connecticut’s privacy laws more closely with other comprehensive state laws, positioning it as a leader in shaping privacy protections amid rapidly evolving technology landscapes.

By the numbers:

  • October 1, 2026 — Effective date of SB 4 amendments including AI transparency rules
  • October 1, 2027 — Employment-related AI obligations apply to systems deployed on or after this date
  • May 27, 2026 — Date Governor Ned Lamont signed Senate Bill 4