Connecticut AG’s Report Reveals Privacy Enforcers Reaching Deeper Into Their State Laws

State privacy enforcement is maturing beyond the policing of privacy notices. The Connecticut AG’s new enforcement report (Report) details the office’s effort to use the state’s law to “focus on the entire data flow” for personal information and proposes a law change – now a bill in the Legislature – that would create a new universal deletion mechanism. The proposal provides a snapshot of harmonization efforts by enforcers in seven states, who announced a coalition one day before the Report’s release. This article analyzes the Report’s extended criticism of companies’ performances in breach reporting, drafting of privacy notices and possible use of dark patterns in their opt-out mechanisms, with comments from privacy leaders in Connecticut’s and Oregon’s AG offices and insights from experts at Cooley, Holland & Knight, Manatt and Orrick. See “California’s Delete Act Enforcement Sweep Takeaways” (Apr. 2, 2025).

To read the full article

Continue reading your article with a CSLR subscription.