(Hartford, CT) – Attorney General William Tong today advised Connecticut consumers and businesses of new rights and requirements set to go into effect on January 1, 2025 regarding opt out rights under the Connecticut Data Privacy Act (CTDPA).

“We’re all familiar now with the ‘ask site not to track’ pop-ups. Starting January 1, you can install a simple browser extension to answer that question once and for all—and sites you visit will be responsible for knowing and following your preference. This is a key step forward for consumer privacy rights, and I urge consumers on January 1 to take advantage of this right to control their data,” said Attorney General Tong.

The CTDPA was enacted in July of last year—one of the first comprehensive consumer privacy laws in the country. Several of the CTDPA’s key provisions have subsequent effective dates, including a critical requirement that controllers honor global opt out preference signals (“OOPS”) sent by consumers. The OOPS provisions allow consumers the ability to opt out of targeted advertising and the sale of their personal data across all activities online in one place.

Beginning on January 1, 2025, Connecticut consumers can send their OOPS through a variety of platforms to “signal” to websites that they are opting out of targeted advertising and the sale of their personal data. Each consumer’s opt out “signal” will be sent automatically by using, for example, the Global Privacy Control through a privacy protective browser or browser extension. Over 40 million people already use the GPC.

All businesses covered by the CTDPA must respond to a consumer’s OOPS. This signal must be sent from a platform or mechanism that enables the business to accurately determine whether the consumer is a Connecticut resident. If a consumer’s OOPS conflicts with that consumer’s previously given privacy choice or their voluntary participation in that business’s loyalty rewards or discount program, the business must still comply with the OOPS. Though, the business may notify the consumer of the conflicting signals and ask the consumer to confirm their choice with the understanding that it would affect their previously given privacy choice or participation in their loyalty rewards or discount program.

Effective January 1, 2025, businesses subject to the CTDPA must treat Connecticut residents’ privacy preferences submitted through browser signals as requests to opt-out of sales or targeted advertising. To implement the GPC, businesses can get started here.

Consumers should note that not all Connecticut businesses are covered by the CTDPA. The law includes specific revenue thresholds and exempts certain industries regulated by other privacy frameworks—such as health care companies subject to the Health Insurance Portability and Accountability Act of 1966 (HIPAA).

For more information about the CTDPA, visit the Attorney General’s FAQ page here.

For more information on the DOT bridge project virtual public informational meeting for the project go here: https://portal.ct.gov/dotstratfordmilford0301-0557?language=en_US

The meeting will be held on Thursday, January 9, 2025, at 6:00 p.m.