By Mark Sanborn
Senior Product and Regulatory Counsel
Effective January 1, 2025, the Connecticut Data Privacy Act introduced new requirements for Connecticut businesses and enhanced rights for consumers. Below is a summary of the key changes:
1. Opt-Out Preference Signals.
As of January 1, 2025, the CTDPA mandates that covered businesses honor global opt-out preference signals (OOPS) from consumers. These signals, communicated via tools like the Global Privacy Control (GPC) through browsers or extensions, serve as formal requests to opt out of targeted advertising and the sale of personal data. Businesses must comply with these signals regardless of any prior consumer choices, including participation in loyalty programs.
2. Elimination of the Right to Cure Alleged Violations.
Beginning January 1, 2025, the Attorney General is no longer required to provide a 60-day notice and opportunity to cure alleged violations before pursuing enforcement actions under the CTDPA. Previously, businesses had a two-month window to address potential non-compliance after receiving notice. That right to cure automatically expired under the terms of the CTDPA on December 31, 2024. This means that Connecticut businesses will no longer have an opportunity to fix any issues that may arise under the CTDPA, greatly emphasizing the need for proactive compliance.
Compliance for ComplyAuto Privacy Customers
ComplyAuto Privacy customers are already equipped to meet these requirements. The ComplyAuto website banner automatically detects and honors “do not track” and GPC signals, ensuring seamless compliance with the CTDPA’s opt-out preference signal mandates. No additional action is required on the part of ComplyAuto customers to adhere to these updated regulations. Reach out to ComplyAuto to learn more about the tools we make available to dealers to comply with the CTDPA and more.