Citizen Portal
Sign In

Get AI Briefings, Transcripts & Alerts on Local & National Government Meetings — Forever.

Claim Your Spot

House advances bill to give Connecticut residents a single portal to delete data, set new rules for data brokers

Connecticut House of Representatives · May 4, 2026
AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

Lawmakers debated and passed SB4, a sweeping consumer‑privacy measure to create a state portal to request deletion of personal data, require data‑broker registration and audits, limit certain surveillance pricing and add streaming ad‑volume and genetic‑data protections. Supporters said it makes privacy usable; skeptics pressed implementation and small‑business exemptions.

Representative Matt Lamar, chair of the General Law Committee, urged passage of a package of changes he said would make data privacy 'real and usable' for Connecticut residents by creating a single state portal where a person can ask data brokers to delete their information. "This bill begins to change that," Lamar told the House, describing a "1 request, 1 place" deletion mechanism and a requirement that companies that buy and sell personal information register with the Department of Consumer Protection and keep transparency records.

Supporters framed the bill as an extension of previous state privacy law, adding an accessible deletion process, registration and triennial audits for large data brokers, consumer‑facing status tracking on requests and new limits on so‑called surveillance pricing. Representative Lamar said the measure includes exemptions for federally regulated sectors (healthcare, financial institutions) and legitimate uses such as fraud prevention and research.

Members pressed sponsors about the scope and compliance burdens. Representative Luciano and others asked whether small retailers that use third‑party services like Shopify, MailChimp or delivery platforms would be captured by the law. Lamar repeatedly answered that the bill is aimed at entities that buy and sell or license personal data on a broad scale, and that small businesses that simply use a vendor would not be covered. He added that third‑party vendors that actively operate price‑setting devices would be covered.

The bill also adds language to address so‑called surveillance pricing — when prices are adjusted based on personal information or facial recognition — and requires disclosure when a personalized price has been set by a price‑setting device. Sponsors said the measure exempts routine merchant practices and preserves traditional market pricing while requiring transparency where individualized, opaque algorithmic pricing is used.

Other sections add consumer protections for direct‑to‑consumer genetic testing (affirmative consent before disclosure), require a triennial audit retained for six years for large data brokers, and a publicly accessible dashboard so brokers check for opt‑outs every 45 days and post annual compliance summaries.

After extended colloquy on verification (the bill relies on the Department of Consumer Protection’s verification procedure using a driver’s license or a vendor subject to the bill’s rules) and on the interaction with federal rules, the House voted in concurrence with the Senate to pass the bill as amended. Supporters said it makes privacy rights operational; opponents cautioned about implementation details and urged careful, clear rules for small businesses and vendors.

The bill passed in concurrence with the Senate; sponsors said the Department of Consumer Protection will publish implementation details and the portal’s verification processes during rulemaking and rollout.