Connecticut expands privacy law with facial recognition, age assurance rules
Connecticut expands privacy law with facial recognition, age assurance rules
Publish Date: 2026-06-03 09:42:00
Source Domain: www.biometricupdate.com
Connecticut has enacted a sweeping package of privacy, online safety, and AI measures that places the state among the most active in the country in regulating the commercial data economy and emerging algorithmic harms.
Gov. Ned Lamont signed Senate Bill 4 into law last Friday, creating a new state deletion system modeled on California’s Delete Act and expanding Connecticut’s existing consumer privacy framework.
The action follows Lamont’s signing of Senate Bill 5, a separate online safety and AI law that imposes new rules on AI companion chatbots, automated employment decision tools, synthetic media, and social media platforms used by minors.
Taken together, the two laws move Connecticut beyond a conventional consumer privacy model and toward a broader technology accountability framework.
SB 4 targets the underlying data economy by regulating data brokers, precise geolocation data, facial recognition, automated profiling, and automated license plate reader records.
SB 5 addresses the systems that use data and algorithms to influence behavior, simulate human interaction, make employment-related decisions, or expose minors to addictive online design features.
SB 4 directs the state to create an online deletion mechanism allowing residents to request removal of personal information from registered data brokers through a single portal, similar to California’s Delete Act framework. The law also requires broker registration, prohibits the sale of geolocation data and expands consumer rights over profiling and AI-related data uses.
The privacy package also expands the Connecticut Data Privacy Act, enacted in 2023. Beginning in July, the law will apply to businesses handling data from at least 35,000 consumers, down from 100,000. The law will also cover organizations that process sensitive data or sell personal information regardless of size, extending its reach to smaller but data-intensive firms.
The law also brings facial recognition more…
