Skip to content

State Children's Privacy Law Tracker / Connecticut

Connecticut Children's Privacy Laws (2026)

3 laws & bills tracked · overall: In force · current as of June 28, 2026

Connecticut has 3 tracked children's privacy laws and bills — each listed below with its status, the ages it covers, litigation posture, and a link to the official primary source. For the interactive view, open Connecticut in the tracker map.

An Act Concerning Online Safety (Substitute Senate Bill No. 5 / Public Act No. 26-15), Sec. 39 — social media covered-platform minor protections · SB 5 (2026); Public Act No. 26-15

Enacted — not yet effective Signed into law; its effective date is still in the future. · Social media · effective 2028-01-01 · binds platforms, operators

Ages: under 18 (covered minor)

Requires: Covered operators of a 'covered platform' (services that recommend/select/prioritize user-generated media items, i.e., personalized recommender/algorithmic feeds) must use commercially reasonable and technically feasible methods to determine whether a covered user is a covered minor (under 18), and for minors must obtain verifiable parental/guardian consent before serving personalized recommendations; includes default protections (limits on algorithmic-feed access, sensitive-content and unconnected-contact restrictions) and parental controls.

Litigation: No suit filed as of 2026-06-27. NetChoice and CCIA testified against SB 5 during the legislative session; Connecticut is not listed on NetChoice's litigation center as of 2026-06-27. Not enjoined.

Primary source

Connecticut minors' online data protection framework (CTDPA §§ 42-529a to 42-529b), as enacted by SB 1295 / Public Act 25-113 · SB 1295 (Public Act 25-113)

Enacted — not yet effective Signed into law; its effective date is still in the future. · Design code · effective 2026-07-01 · binds operators

Ages: Minors under 18 (consumers the controller has actual knowledge of, or wilfully disregards, are minors); under-13 parental consent satisfied via COPPA

Requires: A controller offering an online service, product or feature to consumers it knows (or wilfully disregards) are minors must use reasonable care to avoid any heightened risk of harm to minors, and may not use any system design feature to significantly increase, sustain or extend a minor's use of the service. It must provide default safeguards preventing adults from sending unsolicited communications to non-connected minors, may not deploy dark-pattern consent mechanisms, must limit precise geolocation collection to what is strictly necessary (with an on-signal), and must conduct data protection and profiling impact assessments addressing foreseeable harm to minors.

Primary source

Connecticut Data Privacy Act (CTDPA) — minors' provisions · SB 6 (2022, Public Act 22-15); amended by SB 3 (2023, Public Act 23-56)

In force Effective and enforceable today. · Privacy law (minors) · effective 2023-07-01 · binds operators

Ages: Consumers known to be 13–15 (under 16); children under 13 handled per COPPA

Requires: Under the currently in-force CTDPA, a controller must obtain opt-in consent before processing for targeted advertising, selling, or profiling the personal data of a consumer the controller knows (or wilfully disregards) is at least 13 but younger than 16. Personal data of a consumer known to be a child (under 13) must be processed in accordance with COPPA. Consent mechanisms may not use dark patterns to subvert user choice. (Effective July 1, 2026, SB 1295 replaces this consent model with a categorical ban on targeted advertising and sale of personal data for all known minors under 18.)

Primary source
Federal · COPPAapplies here too

Regardless of state law, COPPA governs personal information collected from children under 13: notice, verifiable parental consent, data minimization, and — under the 2025 amended Rule — limits on retention and third-party sharing.

Source

How Connecticut compares

Not legal advice. I build products for a living; I'm not a lawyer. Compiled from primary sources and reviewed monthly as part of the State Children's Privacy Law Tracker; AI-assisted research, verified against each law's official source — but laws and injunctions change fast, so confirm the latest before relying on it. Related: COPPA's Gray Areas.