State Senator to Seek Connecticut Delete Act Next Year
Connecticut could next year pass legislation like the California Delete Act and create a data broker registry, state Sen. James Maroney (D), author of Connecticut’s comprehensive privacy law, said on Marketecture’s The Monopoly Report podcast Wednesday. However, he said Connecticut would likely try to share the accessible deletion mechanism now under development at the California Privacy Protection Agency (CPPA).
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
In the wake of the shootings of state legislators in Minnesota earlier this year, “there is a lot of talk of states doing … some form of [New Jersey's] Daniel's Law,” said Maroney. However, “likely in Connecticut we’re looking at doing the Delete Act from California,” requiring a data broker registry and a mechanism for consumers to easily request deletion of their personal data.
However, the lawmaker doesn’t think it would make sense for a state as small as Connecticut to develop its own deletion mechanism. So, he’s considering if there's a way for the state to in "some way combine” with California’s Delete Request and Opt-Out Platform (DROP). Maroney added that Connecticut’s proposed Delete Act would likely have a delayed implementation date. The bill would set the date at February 2028, a Maroney spokesperson told Privacy Daily on Wednesday.
At a CPPA Board meeting in July, Executive Director Tom Kemp said the agency aims to make DROP a model that other states could adopt and that it's open to partnerships (see 2507240070).
Connecticut has twice updated the 2022 Connecticut Data Privacy Act (CTDPA), and Maroney signaled that this work isn’t over. “We're writing laws,” he said. “We're not etching commandments in stone tablets.” He added that his legislative committee approves "a liquor law every year -- and liquor is thousands of years old. So, I think we'll be back to modify the privacy law.”
Beyond some technical cleanup of the law, Maroney said he might consider revising the CTDPA’s definition of publicly available information. "We tried to narrow that" in 2025 but "didn't end up doing that very much last year.”
The senator said he planned to review the definition that Vermont used in its age-appropriate design code law. Vermont enacted it earlier this year (see 2506120094). The Vermont law defines publicly available information as content “made available through federal, state, or local government records or to the general public from widely distributed media” or that “a covered business has a reasonable basis to believe that the consumer has lawfully made available to the general public.” The law also lists several things that are excluded from the definition.
In addition, Maroney said on the podcast that he plans to introduce a chatbot bill next year based on the California law signed earlier this month (see 2510140010).
Maroney said his multistate AI policymaker working group resumed meeting about two weeks ago, and plans more meetings soon. It had been “on pause” after the Future of Privacy Forum withdrew from helping to facilitate the effort amid criticism of FPF from U.S. Sen. Ted Cruz, R-Texas (see 2504220040). Maroney said that Princeton University’s Center for Information Technology Policy has taken over as the group’s facilitator.
One planned meeting for the AI working group will discuss enforcement of state privacy laws, said Maroney, “because, really, a state privacy law is the basis for ... anything you're going to do with AI.”