On April 28, 2022, the Connecticut State House passed Senate Bill (‘SB’) 6 for An Act Concerning Personal Data Privacy and Online Monitoring (‘the Act’), following its earlier passage by Connecticut’s Senate.  If enacted, the Act would take effect on 1 July 2023.

Like California, Virginia, and Colorado, the Act would include several consumer rights, including the rights of access, correction, deletion, data portability, and the right to opt out of targeted advertising, the sale of personal data, and profiling for automated decision-making.  Moreover, in relation to opt-out rights, the Act would require that, by 1 January 2025, consumers be allowed to opt out of any processing of personal data for the purposes of targeted advertising, or any sale of such personal data, through an opt-out preference signal.

Additionally, the Act would require data controllers to:

  • provide privacy notices in a clear, conspicuous manner and include ways in which consumers can opt out;
  • establish, implement, and maintain reasonable administrative, technical, and physical data security practices to protect the confidentiality, integrity, and accessibility of personal data appropriate to the volume and nature of the personal data at issue;
  • ensure that contracts are in place with data processors; and
  • undertake and document data protection assessments for each of the controller’s processing activities that present a heightened risk of harm to a consumer.

The Governor has 15 days from the adjournment of the Connecticut Legislative session – which is due on 4 May 2022 – to either sign the Act, veto it, or allow it to become law at the end of 15 days with no signature.

Further Information.  If you have any questions about this or any other privacy law, please do not hesitate to reach out to one of the Contact Partners listed below.


Brian Hengesbaugh
Harry Valetk
New York

Brian provides advice on global data privacy, data protection, cybersecurity, digital media, direct marketing information management, and other legal and regulatory issues. He is Chair of Baker McKenzie's Global Data Privacy and Security group.


Harry is a partner based in New York. He advises global organizations on privacy and data security compliance requirements. His practice is focused on delivering commercially practical advice on designing security, privacy, and technologically compliant solutions.