LCO No. 4854 1 of 14
General Assembly Raised Bill No. 1103
January Session, 2023
LCO No. 4854
Referred to Committee on GENERAL LAW
Introduced by:
(GL)
AN ACT CONCERNING ARTIFICIAL INTELLIGENCE, AUTOMATED
DECISION-MAKING AND PERSONAL DATA PRIVACY.
Be it enacted by the Senate and House of Representatives in General
Assembly convened:
Section 1. (NEW) (Effective July 1, 2023) For the purposes of this 1
section and sections 2 to 5, inclusive, of this act: 2
(1) "Artificial Intelligence Officer" and "officer" mean the employee 3
designated pursuant to subdivision (1) of subsection (b) of section 2 of 4
this act; 5
(2) "Automated decision support system" means any automated 6
decision system that provides information for the purpose of informing 7
a conclusion, decision or judgment made by an individual on behalf of 8
a state agency; 9
(3) "Automated decision system" means any machine-based system 10
or application derived from machine learning or another artificial 11
intelligence technique that is developed, procured or implemented to 12
make, inform or support a critical decision made by a state agency; 13 Raised Bill No. 1103
LCO No. 4854 2 of 14
(4) "Automated final decision system" means any automated decision 14
system that makes a final conclusion, decision or judgment on behalf of 15
a state agency without any intervention by an individual acting on 16
behalf of the state agency; 17
(5) "Automated system" means any automated decision support 18
system, automated decision system or automated final decision system; 19
(6) "Automated system procedures" and "procedures" mean the 20
procedures developed and established pursuant to subsection (a) of 21
section 2 of this act; 22
(7) "Chief Information Officer" means the officer appointed pursuant 23
to subsection (a) of section 4d-2 of the general statutes; 24
(8) "Critical decision" means any decision or judgment that has any 25
legal, material or similarly significant effect on an individual's life 26
concerning access to, or the cost, terms or availability of, (A) education 27
and vocational training, including, but not limited to, assessment, 28
accreditation or certification, (B) employment, worker management or 29
self-employment, (C) essential utilities such as electricity, heat, water, 30
Internet or telecommunications access or transportation, (D) family 31
planning services, including, but not limited to, adoption services or 32
reproductive services, (E) financial services, including, but not limited 33
to, any financial service provided by a mortgage company, (F) services 34
from a creditor or mortgage broker, (G) health care, including, but not 35
limited to, mental health care, dental care or vision care, (H) housing or 36
lodging, including, but not limited to, any rental, short-term housing or 37
lodging, (I) legal services, including, but not limited to, private 38
mediation or arbitration, (J) government benefits, (K) public services, or 39
(L) any other opportunity, program or service; 40
(9) "Department" means the Department of Administrative Services; 41
(10) "Office of Artificial Intelligence" and "office" mean the office 42
established in subsection (a) of section 2 of this act; and 43 Raised Bill No. 1103
LCO No. 4854 3 of 14
(11) "State agency" means any department, board, commission, 44
council, institution, office, constituent unit of the state system of higher 45
education, technical education and career school or other agency in the 46
executive, legislative or judicial branch of state government. 47
Sec. 2. (NEW) (Effective July 1, 2023) (a) There is established within the 48
Department of Administrative Services an Office of Artificial 49
Intelligence. Said office shall be responsible for: 50
(1) Not later than July 1, 2024, developing and establishing, and 51
reviewing and updating at least annually thereafter, automated system 52
procedures for use by state agencies in designing, utilizing and 53
procuring automated systems, which procedures shall provide that each 54
state agency shall design, utilize and procure any automated system in 55
a manner that: 56
(A) Is consistent with all applicable laws of this state and federal law, 57
including, but not limited to, laws prohibiting discrimination and 58
addressing privacy, civil rights and civil liberties; 59
(B) Does not disproportionately impact any individual or group of 60
individuals, in violation of the laws of this state or federal law, on the 61
basis of any actual or perceived differentiating characteristic, including, 62
but not limited to, age, genetic information, color, ethnicity, race, creed, 63
religion, national origin, ancestry, sex, gender identity or expression, 64
sexual orientation, marital status, familial status, pregnancy, veteran 65
status, disability or lawful source of income; and 66
(C) Ensures that (i) the benefits of utilizing such automated system 67
outweigh the risks of utilizing such automated system, (ii) such 68
automated system is applied and utilized in a manner that is consistent 69
with the use cases for which such automated system was trained in 70
order to ensure accuracy, reliability and efficacy, (iii) such automated 71
system is safe, secure and resilient, including, but not limited to, when 72
such automated system is confronted with systematic vulnerabilities, 73
adversarial manipulation or other malicious exploitation, (iv) the 74
operations of, and outcomes generated by, such automated system are 75 Raised Bill No. 1103
LCO No. 4854 4 of 14
sufficiently understandable by subject matter experts and users, (v) 76
individual roles and responsibilities are clearly defined, understood and 77
appropriately assigned in a manner that is consistent with the purpose 78
for which each use of such automated system is intended, (vi) the 79
design, utilization and procurement of such automated system is, and 80
the inputs and outputs for applications of such automated system are, 81
documented and traceable, (vii) the design, development, procurement, 82
intended purposes and monitoring of such automated system is 83
transparent to the public under uniform protocols and public access 84
requirements concerning releases and posting of appropriate 85
information by each state agency utilizing such automated system, (viii) 86
data inputs utilized by such automated system are transparent under 87
the Freedom of Information Act, as defined in section 1-200 of the 88
general statutes, and (ix) such state agency (I) examines such automated 89
system, at least biennially, to ensure compliance with such automated 90
system procedures, (II) supersedes, disengages and deactivates any 91
application of such automated system that demonstrates performance 92
that is, or outcomes that are, inconsistent with such automated system 93
procedures or any other provision of this section, section 1 of this act or 94
sections 3 to 5, inclusive, of this act, (III) is transparent in disclosing any 95
information that is relevant to such state agency's use of such automated 96
system, (IV) implements safeguards to ensure that such automated 97
system is properly applied, utilized and functioning, and (V) provides 98
appropriate training to all personnel responsible for designing, utilizing 99
or procuring such automated system; 100
(2) Recommending to the General Assembly any legislation that the 101
office deems appropriate concerning the development, utilization and 102
procurement of automated systems by state agencies; 103
(3) Performing the review and inventory, and submitting the report, 104
required under section 3 of this act; 105
(4) Performing the duties required under section 4 of this act; and 106
(5) Preparing and submitting the report required under section 5 of 107 Raised Bill No. 1103
LCO No. 4854 5 of 14
this act. 108
(b) (1) The Commissioner of Administrative Services shall designate 109
an employee of the department to serve as the Artificial Intelligence 110
Officer. Such employee shall have: 111
(A) Extensive knowledge concerning artificial intelligence analysis, 112
governance, principles, practices, technology, terminology and trends; 113
and 114
(B) Experience in administration, planning, policy development, 115
project management and service coordination. 116
(2) The Artificial Intelligence Officer, under the supervision of the 117
Chief Information Officer, shall: 118
(A) Oversee the operations of the office; 119
(B) Manage the staff of the office; 120
(C) Ensure that the office performs the office's duties as set forth in 121
this section and sections 3 to 5, inclusive, of this act; and 122
(D) Contract with such third parties as the Artificial Intelligence 123
Officer deems necessary for the Office of Artificial Intelligence to 124
perform the office's, or the Artificial Intelligence Officer to perform the 125
officer's, duties under sections 3 and 4 of this act. 126
(c) The Office of Artificial Intelligence shall be subject to the Freedom 127
of Information Act, as defined in section 1-200 of the general statutes. 128
Sec. 3. (NEW) (Effective July 1, 2023) (a) Not later than July 1, 2024, the 129
Office of Artificial Intelligence shall review and inventory all automated 130
systems that were developed, utilized or procured by state agencies 131
during the calendar year beginning January 1, 2023. Such inventory 132
shall include the following information for each such automated system: 133
(1) The name of such automated system and the vendor, if any, that 134
provided such automated system; and 135 Raised Bill No. 1103
LCO No. 4854 6 of 14
(2) A description of the general capabilities of such automated 136
system, including, but not limited to: 137
(A) Any reasonably foreseeable capability of such automated system 138
that is outside of any state agency's intended use of such automated 139
system; 140
(B) Whether such automated system was used, or may be used, to 141
independently make, inform or support a conclusion, decision or 142
judgment and the resulting impact on residents of this state; 143
(C) Each type of data input that was used by such automated system, 144
how such inputted data was collected, generated or processed and the 145
type or types of data such automated system generated or is reasonably 146
likely to generate; 147
(D) Whether such automated system (i) discriminated against any 148
individual or group of individuals in violation of the laws of this state 149
or federal law, or (ii) disproportionately impacted any individual or 150
group of individuals, in violation of the laws of this state or federal law, 151
on the basis of any actual or perceived differentiating characteristic, 152
including, but not limited to, age, genetic information, color, ethnicity, 153
race, creed, religion, national origin, ancestry, sex, gender identity or 154
expression, sexual orientation, marital status, familial status, pregnancy, 155
veteran status, disability or lawful source of income; 156
(E) A description of the purpose and intended use of such automated 157
system, including, but not limited to, (i) which decision or decisions 158
such automated system was used to make, inform or support, (ii) 159
whether such automated system is an automated final decision system 160
or automated decision support system, and (iii) the benefit or benefits 161
such automated system was purported to confer and any data or 162
research necessary to determine whether such automated system 163
conferred such purported benefit or benefits; 164
(F) How the data used or generated by such automated system was 165
processed and stored, whether the state agency or agencies that 166 Raised Bill No. 1103
LCO No. 4854 7 of 14
developed, utilized or procured such automated system intend to share 167
access to such automated system or data with any other person, the 168
name of such person and why such state agency or agencies intend to 169
share such access or data with such person; and 170
(G) A description of the impact that such automated system had on 171
the state's finances, including, but not limited to, (i) the initial 172
acquisition and ongoing operating costs for such automated system, (ii) 173
any cost savings provided by such automated system, and (iii) any 174
current or potential sources of funding for such automated system. 175
(b) The Office of Artificial Intelligence shall, as part of the review and 176
inventory performed pursuant to subsection (a) of this section, 177
determine whether an automated system that was developed, utilized 178
or procured by any state agency during the calendar year beginning 179
January 1, 2023: 180
(1) Infringed any legal right of any resident of this state or gave rise 181
to any liability on behalf of, or posed any risk to, this state; and 182
(2) Was transparent and made available to the public under the 183
Freedom of Information Act, as defined in section 1-200 of the general 184
statutes. 185
(c) Not later than December 31, 2024, the Artificial Intelligence Officer 186
shall prepare and submit a report, in accordance with section 11-4a of 187
the general statutes, to the joint standing committee of the General 188
Assembly having cognizance of matters relating to consumer 189
protection. Such report shall contain the review and inventory prepared 190
pursuant to subsection (a) of this section. 191
Sec. 4. (NEW) (Effective July 1, 2023) (a) No state agency shall develop, 192
utilize or procure any automated system on or after January 1, 2024, 193
unless such state agency satisfies the requirements established in this 194
section. 195
(b) Any state agency that intends to develop, utilize or procure any 196 Raised Bill No. 1103
LCO No. 4854 8 of 14
automated system on or after January 1, 2024, shall provide to the Office 197
of Artificial Intelligence, in a form and manner prescribed by the 198
Artificial Intelligence Officer, at least sixty days' advance written notice 199
disclosing that such state agency intends to develop, utilize or procure 200
such automated system. 201
(c) (1) Not later than ninety days after the Office of Artificial 202
Intelligence receives any notice submitted pursuant to subsection (b) of 203
this section, the office, or a third party selected by the office, shall: 204
(A) Review the automated system that is the subject of such notice to 205
determine whether developing, utilizing or procuring such automated 206
system would: 207
(i) Result in any discrimination against any individual or a group of 208
individuals in a manner that is prohibited by the laws of this state or 209
federal law; or 210
(ii) Disproportionately impact any individual or group of 211
individuals, in violation of the laws of this state or federal law, on the 212
basis of any actual or perceived differentiating characteristic, including, 213
but not limited to, age, genetic information, color, ethnicity, race, creed, 214
religion, national origin, ancestry, sex, gender identity or expression, 215
sexual orientation, marital status, familial status, pregnancy, veteran 216
status, disability or lawful source of income; and 217
(B) Send a notice to the state agency that submitted such notice 218
disclosing that the office has determined that developing, utilizing or 219
procuring such automated system would: 220
(i) Result in discrimination against any individual or group of 221
individuals in the manner described in subparagraph (A)(i) of this 222
subdivision, the reasons for such determination and that such state 223
agency shall not develop, utilize or procure such automated system; 224
(ii) Disproportionately impact any individual or group of individuals 225
in the manner described in subparagraph (A)(ii) of this subdivision, the 226 Raised Bill No. 1103
LCO No. 4854 9 of 14
reasons for such determination and that such state agency shall not 227
develop, utilize or procure such automated system; or 228
(iii) Not result in any discrimination described in subparagraph (A)(i) 229
of this subdivision, or have any disproportionate impact described in 230
subparagraph (A)(ii) of this subdivision, and that such state agency may 231
develop, utilize or procure such automated system. 232
(2) If the office does not send any notice pursuant to subparagraph 233
(B) of subdivision (1) of this subsection within the ninety-day period 234
established in subdivision (1) of this subsection, the state agency may 235
develop, utilize or procure such automated system. 236
(d) Each state agency shall comply with the automated system 237
procedures. 238
(e) (1) On and after July 1, 2025, the Office of Artificial Intelligence 239
may, in the Artificial Intelligence Officer's discretion, periodically 240
reevaluate any automated system that is developed, utilized or 241
procured by any state agency to ensure that: 242
(A) Such automated system does not (i) discriminate against any 243
individual or group of individuals in the manner described in 244
subparagraph (A)(i) of subdivision (1) of subsection (c) of this section, 245
or (ii) disproportionately impact any individual or group of individuals 246
in the manner described in subparagraph (A)(ii) of subdivision (1) of 247
subsection (c) of this section; and 248
(B) Such state agency is in compliance with the automated system 249
procedures. 250
(2) If the Office of Artificial Intelligence determines, in the Artificial 251
Intelligence Officer's discretion, that any automated system that is 252
developed, utilized or procured by any state agency results in any 253
discrimination described in subparagraph (A)(i) of subdivision (1) of 254
subsection (c) of this section or has any disproportionate impact 255
described in subparagraph (A)(ii) of subdivision (1) of subsection (c) of 256 Raised Bill No. 1103
LCO No. 4854 10 of 14
this section, or that such state agency has failed to comply with the 257
automated system procedures, the officer shall direct such state agency 258
to immediately cease development, utilization or procurement of such 259
automated system. 260
Sec. 5. (NEW) (Effective July 1, 2023) Not later than February 15, 2025, 261
and annually thereafter, the Artificial Intelligence Officer shall prepare 262
and submit a report, in accordance with section 11-4a of the general 263
statutes, to the joint standing committee of the General Assembly 264
having cognizance of matters relating to consumer protection. Such 265
report shall contain: (1) The current automated system procedures and 266
any updates made to such procedures during the preceding calendar 267
year; (2) any legislation recommended pursuant to subdivision (2) of 268
subsection (a) of section 2 of this act; (3) information concerning the 269
extent to which state agencies used automated systems during the 270
preceding calendar year; and (4) any other information the Artificial 271
Intelligence Officer determines, in the officer's discretion, is relevant for 272
the purposes of this section and sections 1 to 4, inclusive, of this act. 273
Sec. 6. Subsection (a) of section 42-517 of the general statutes is 274
repealed and the following is substituted in lieu thereof (Effective July 1, 275
2023): 276
(a) The provisions of sections 42-515 to 42-525, inclusive, do not apply 277
to any: (1) Body, authority, board, bureau, commission, district or 278
agency of this state or of any political subdivision of this state; (2) 279
nonprofit organization; (3) institution of higher education; (4) national 280
securities association that is registered under 15 USC 78o-3 of the 281
Securities Exchange Act of 1934, as amended from time to time; (5) 282
financial institution or data subject to Title V of the Gramm-Leach-Bliley 283
Act, 15 USC 6801 et seq.; [or] (6) covered entity or business associate, as 284
defined in 45 CFR 160.103; or (7) air carrier, as defined in 49 USC 40102, 285
as amended from time to time, and regulated under the Federal 286
Aviation Act of 1958, 49 USC 40101 et seq., and the Airline Deregulation 287
Act, 49 USC 41713, as said acts may be amended from time to time. 288 Raised Bill No. 1103
LCO No. 4854 11 of 14
Sec. 7. Subsection (a) of section 42-520 of the general statutes is 289
repealed and the following is substituted in lieu thereof (Effective July 1, 290
2023): 291
(a) A controller shall: (1) Limit the collection of personal data to what 292
is adequate, relevant and reasonably necessary in relation to the 293
purposes for which such data is processed, as disclosed to the consumer; 294
(2) except as otherwise provided in sections 42-515 to 42-525, inclusive, 295
not process personal data for purposes that are neither reasonably 296
necessary to, nor compatible with, the disclosed purposes for which 297
such personal data is processed, as disclosed to the consumer, unless the 298
controller obtains the consumer's consent; (3) establish, implement and 299
maintain reasonable administrative, technical and physical data 300
security practices to protect the confidentiality, integrity and 301
accessibility of personal data appropriate to the volume and nature of 302
the personal data at issue; (4) not process sensitive data concerning a 303
consumer without obtaining the consumer's consent, or, in the case of 304
the processing of sensitive data concerning a known child, without 305
processing such data in accordance with COPPA; (5) not process 306
personal data in violation of the laws of this state and federal laws that 307
prohibit unlawful discrimination against consumers; (6) provide an 308
effective mechanism for a consumer to revoke the consumer's consent 309
under this section that is at least as easy as the mechanism by which the 310
consumer provided the consumer's consent and, upon revocation of 311
such consent, cease to process the data as soon as practicable, but not 312
later than fifteen days after the receipt of such request; and (7) not 313
process the personal data of a consumer for purposes of targeted 314
advertising, or sell the consumer's personal data without the consumer's 315
consent, under circumstances where a controller has actual knowledge, 316
[and] or wilfully disregards, that the consumer is at least thirteen years 317
of age but younger than sixteen years of age. A controller shall not 318
discriminate against a consumer for exercising any of the consumer 319
rights contained in sections 42-515 to 42-525, inclusive, including 320
denying goods or services, charging different prices or rates for goods 321
or services or providing a different level of quality of goods or services 322 Raised Bill No. 1103
LCO No. 4854 12 of 14
to the consumer. 323
Sec. 8. (Effective from passage) (a) There is established a task force to 324
study artificial intelligence and develop an artificial intelligence bill of 325
rights. Such study shall include, but need not be limited to, an 326
examination of the impact that artificial intelligence has on residents of 327
this state and persons doing business in this state. 328
(b) The task force shall consist of the following members: 329
(1) Two appointed by the speaker of the House of Representatives; 330
(2) Two appointed by the president pro tempore of the Senate; 331
(3) One appointed by the majority leader of the House of 332
Representatives; 333
(4) One appointed by the majority leader of the Senate; 334
(5) One appointed by the minority leader of the House of 335
Representatives; 336
(6) One appointed by the minority leader of the Senate; 337
(7) The Commissioner of Administrative Services, or the 338
commissioner's designee; and 339
(8) Two appointed by the Governor. 340
(c) Any member of the task force appointed under subdivision (1), 341
(2), (3), (4), (5) or (6) of subsection (b) of this section may be a member 342
of the General Assembly. 343
(d) All initial appointments to the task force shall be made not later 344
than thirty days after the effective date of this section. Any vacancy shall 345
be filled by the appointing authority. 346
(e) The speaker of the House of Representatives and the president pro 347
tempore of the Senate shall select the chairpersons of the task force from 348 Raised Bill No. 1103
LCO No. 4854 13 of 14
among the members of the task force. Such chairpersons shall schedule 349
the first meeting of the task force, which shall be held not later than sixty 350
days after the effective date of this section. 351
(f) The administrative staff of the joint standing committee of the 352
General Assembly having cognizance of matters relating to consumer 353
protection shall serve as administrative staff of the task force. 354
(g) Not later than January 1, 2024, the task force shall submit a report 355
on its findings and recommendations to the joint standing committee of 356
the General Assembly having cognizance of matters relating to 357
consumer protection, in accordance with the provisions of section 11-4a 358
of the general statutes. The task force shall terminate on the date that it 359
submits such report or January 1, 2024, whichever is later. 360
This act shall take effect as follows and shall amend the following
sections:
Section 1 July 1, 2023 New section
Sec. 2 July 1, 2023 New section
Sec. 3 July 1, 2023 New section
Sec. 4 July 1, 2023 New section
Sec. 5 July 1, 2023 New section
Sec. 6 July 1, 2023 42-517(a)
Sec. 7 July 1, 2023 42-520(a)
Sec. 8 from passage New section
Statement of Purpose:
To: (1) Establish an Office of Artificial Intelligence; (2) exempt air
carriers from certain provisions concerning data privacy; (3) provide
that a controller shall not process the personal data of a consumer for
purposes of targeted advertising, or sell the consumer's personal data
without the consumer's consent, under circumstances where a controller
has actual knowledge, or wilfully disregards, that the consumer is at
least thirteen years of age but younger than sixteen years of age; and (4)
establish a task force to (A) study artificial intelligence, and (B) develop
an artificial intelligence bill of rights.
[Proposed deletions are enclosed in brackets. Proposed additions are indicated by underline, except
that when the entire text of a bill or resolution or a section of a bill or resolution is new, it is not
underlined.] Raised Bill No. 1103
LCO No. 4854 14 of 14