US Chamber Joins Growing Opposition to Data Privacy Bill

The U.S. Chamber of Commerce this week joined a growing list of trade organizations and local chambers of commerce opposing proposed changes to Connecticut’s data privacy law.

In a May 8 letter to Gov. Ned Lamont, chamber officials urged him to veto SB 1356 if it reaches his desk. 

SB 1356 significantly changes the Connecticut Data Privacy Act by lowering the compliance threshold and adding strict rules around how companies can use data.

The bill’s proposed adjustments to applicability thresholds places an outsized burden on small and medium-sized employers in Connecticut.

Adopted in 2022, the CTDPA was a compromise with the business community to implement one of the first comprehensive laws in the country to provide residents with certain rights over personal data and established responsibilities and privacy protection standards for data controllers.

The law has since been cited across the country as a model legislation adopted in other states.

‘Drastic Change’

According to the Attorney General’s Office, as of Jan. 1, 2025, businesses covered under the act must honor universal opt-out preference signals sent by Connecticut residents. 

“SB 1356 would drastically change Connecticut’s data minimization standard and effectively prohibit the collection of data beyond providing or maintaining a product or service specifically requested by a consumer,” Michael Blanco, the chamber’s director of state and local policy, noted in the letter.

“This would significantly inhibit innovation as covered entities may cease to pursue consumer-friendly business uses for data throughout different times of product and service development.”

The U.S. Chamber’s Michael Blanco said the bill will “significantly inhibit innovation.”

The U.S. Chamber also raised concerns about the proposed compliance threshold changes.

The CTDPA currently provides exemptions to businesses that process the personal data of 100,000 consumers or less or process the personal data of 25,000 consumers or less and derive 25% or less of their yearly revenue from the sale of data.

These thresholds were part of the original compromise to protect small businesses from the costly burdens of CTDPA compliance.

Small Business Impact

SB 1356, however, drastically reduces these thresholds, exempting only covered entities that annually process the personal data of 35,000 consumers or less or process the personal data of 10,000 consumers or less and derive 20% or less of their revenue from the sale of data. 

The chamber raised concerns that “the reduced threshold could subject companies like food trucks and coffee shops that conduct only 96 unique transactions a day to complex data minimization standards.”

The proposed threshold changes will leave Connecticut small businesses at a significant disadvantage.

In testimony in opposition to the bill, CBIA’s Chris Davis warned that a family-owned retailer or restaurant with less than 20 employees, handling modest customer data for loyalty programs, could now face the same regulatory demands as a multinational corporation.

The proposed threshold changes will leave Connecticut small businesses at a significant disadvantage versus their competitors in other states with less stringent data requirements.

The bill now awaits action in the state Senate.

---

For more information, contact CBIA’s CBIA’s Chris Davis (860.244.1931).