incidents impacting biometrics. Further, the CPA strengthened Colorado’s approach to children’s privacy because businesses will need to get a data protection impact assessment where there is a heightened risk to minors from offering online sources and parental consent is required before processing a minor’s data for targeted advertising (SB 24-041). Additionally, CPA was amended to categorize precise geolocation data, which is location data within 1,850 ft of radius of a person, as sensitive data and states that a business cannot process or sell a consumer’s sensitive data without first obtaining their consent. Connecticut The law applies to entities that either control and/or process personal data of 35,000 consumers or more per year, excluding personal data controlled or processed solely for the purpose of completing a payment transaction, or control or process consumers’ sensitive data (excluding personal data controlled or processed solely for completing a payment transaction), or offer consumers’ personal data for sale in trade or commerce. The Connecticut law gives consumers the right to know whether a business collects data about them, as well as to request corrections to or deletion of their personal data controlled by the business. The law also gives consumers the right to opt out of data collection and processing for the purposes of targeted advertising, sale, or automated decision-making based on data profiling—all opt-outs that are similar to provisions in other states’ comprehensive data privacy laws. The amended Connecticut law, SB 1295, also expanded consumer privacy rights giving consumers the right to request a list of the third parties to which a business has sold their personal data to. The law creates affirmative obligations for covered businesses to limit data processing to what is “reasonably necessary” but also proportionate for their purposes, provide a way for consumers to revoke their consent to data processing, and protect consumers’ data with adequate cybersecurity practices. Further, a business entity’s privacy notice must be available
131
Made with FlippingBook - Online Brochure Maker