Connecticut Data Privacy Act (CTDPA)
A practical compliance guide for website owners. Learn what Connecticut's privacy law requires and how to implement it on your site.
Who Must Comply
Conducts business in Connecticut or targets Connecticut residents AND during the prior year: controls/processes personal data of 100K+ consumers (excl. payment transactions), OR controls/processes data of 25K+ consumers and derives 25%+ revenue from selling personal data
What Your Website Must Do
| Requirement | Status |
|---|---|
| Cookie consent banner | Recommended |
| Do Not Sell link | Required |
| Do Not Share link | Required |
| Honor GPC browser signals | Required |
| Universal opt-out mechanism | Not required |
| Sensitive data opt-in consent | Required |
Required Links & Notices
The CTDPA requires the following links or notices to be visible on your website:
- 1Do Not Sell My Personal Data
- 2Privacy Policy
Enforcement & Penalties
Key Things to Know
Connecticut enacted one of the earlier comprehensive state privacy laws, effective July 2023. It closely resembles Virginia's VCDPA but with some important additions, including a requirement to honor universal opt-out mechanisms starting January 2025.
Key feature: Connecticut requires honoring GPC/universal opt-out signals. The cure period sunset in December 2024, meaning the AG can now take direct enforcement action without a cure notice.
How to Configure LegalBanner for CTDPA
- 1
Create your site
Sign up for free and add your website domain in the dashboard.
- 2
Set consent mode to "Opt-out"
In Settings, select the consent mode that matches Connecticut's requirements.
- 3
Install the snippet
Add the one-line script tag to your website. The banner, opt-out links, and GPC support are automatic.
- 4
Generate your Privacy Policy
Use the built-in policy wizard to generate a CTDPA-compliant privacy policy.
Set up CTDPA compliance in 5 minutes
LegalBanner handles Connecticut privacy requirements automatically — cookie banner, opt-out links, and GPC support included.
Frequently Asked Questions
Does Connecticut require a cookie consent banner?
The CTDPA does not require opt-in cookie consent. You must provide opt-out mechanisms for targeted advertising and sale of personal data. A cookie preference center is the recommended approach.
Does Connecticut require honoring GPC signals?
Yes. As of January 2025, Connecticut requires businesses to recognize and honor universal opt-out mechanisms including GPC. LegalBanner handles this automatically.
What are the penalties for CTDPA violations?
Violations are enforced under the Connecticut Unfair Trade Practices Act (CUTPA), with penalties up to $5,000 per willful violation. The 60-day cure period expired in December 2024.
Does the CTDPA have a private right of action?
No. Only the Connecticut Attorney General can enforce the CTDPA. Consumers cannot sue businesses directly for violations.
What consumer rights does the CTDPA provide?
The CTDPA provides rights to access, correct, delete, and port personal data. Consumers can also opt out of targeted advertising, sale of personal data, and profiling for decisions with legal or similarly significant effects.