Connecticut AG Clarifies AI Compliance Obligations Under CTDPA
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA
Publish Date: 2026-03-30 12:35:00
Source Domain: www.hunton.com
-
Key Areas of Applicable Laws: The Connecticut Attorney General has provided guidance on the application of various existing laws, including civil rights laws, the Connecticut Data Privacy Act (CTDPA), safeguards and breach notification laws, and the Connecticut Unfair Trade Practices Act, to regulate the use of artificial intelligence (AI).
-
CTDPA Requirements for AI Use: Businesses utilizing AI systems must comply with CTDPA requirements, such as disclosing the use of personal data in AI models, properly disclosing data collected from third parties, and notifying consumers about changes to privacy practices concerning AI with mechanisms to withdraw consent.
-
Specific Obligations for Sensitive Data: The memorandum highlights specific obligations under the CTDPA for handling sensitive data like consumer health information, biometric data, and geolocation data with data protection assessments for high-risk activities to prevent harm to consumers.
-
Responsibilities for Minors’ Data: Companies dealing with minors must exercise reasonable care to prevent increased risks, and firms developing AI-driven products (like chatbots) are prohibited from using design features to excessively engage minors.
-
Additional Legislation Consideration: While existing laws apply to AI technologies, the Connecticut Attorney General believes the distinct risks posed by these technologies to minors necessitates targeted legislative measures to enhance protections for Connecticut residents.
