Connecticut SB 4 — CTDPA Amendments: Data Broker Rules, Geolocation Sale Ban, Surveillance Pricing, Genetic Data

us-ct Oct 1, 2026 Tracker lead

What just shifted

What this adds: Connecticut's SB 4, amending the CTDPA, adds four distinct compliance layers effective between October 2026 and 2028: a ban on selling precise geolocation data, restrictions on 'surveillance pricing' (dynamic pricing based on personal data), data broker registration with financial penalties, and a consumer-property-rights framework for genetic data from direct-to-consumer testing.

What this puts in question: Whether your pricing engine, data broker relationships, and location-data handling practices are ready for October 2026, when Connecticut's geolocation and surveillance-pricing provisions take effect — less than four months away.

What clients should weigh

·The surveillance pricing restriction takes effect October 1, 2026 — four months from now. If your pricing algorithm incorporates any personal data about Connecticut consumers (browsing history, location, purchase history), Connecticut's new definition of 'surveillance pricing' may reach it. When did your team last audit what inputs your pricing model uses?

·The geolocation sale ban is also October 1. If you monetize precise location data, Connecticut has joined the states that prohibit that practice. Does your data-sharing agreement with location-data brokers or ad-tech partners specify what location data is covered and what rights you are licensing?

·The genetic data provisions give consumers property rights over biological samples. If your company operates direct-to-consumer genetic testing or processes genomic data for Connecticut residents, the express-consent and disclosure requirements are now law — confirm your consent flows are in place before October.

·This addresses CT SB 4 amending the CTDPA. It is distinct from the CT comprehensive AI governance statute (SB 2, enacted concurrently), which governs high-risk AI systems. Compliance with one does not imply compliance with the other.

Connecticut SB 4 (2026), signed May 27, 2026, amending Conn. Gen. Stat. §§ 42-515 et seq. (Connecticut Data Privacy Act)

Ready to use

To-be-edited before sending to a client.

Client alert

Watch item — no client alert until confirmed operative.

Blog post

Watch item — no blog post until confirmed operative.