LCO \\PRDFS1\SCOUSERS\FORZANOF\WS\2023SB-01103-R02-
SB.docx
1 of 17
General Assembly Substitute Bill No. 1103
January Session, 2023
AN ACT CONCERNING ARTIFICIAL INTELLIGENCE, AUTOMATED
DECISION-MAKING AND PERSONAL DATA PRIVACY.
Be it enacted by the Senate and House of Representatives in General
Assembly convened:
Section 1. (NEW) (Effective July 1, 2023) (a) As used in this section: 1
(1) "Artificial Intelligence Officer" means the employee designated 2
pursuant to subsection (b) of this section; 3
(2) "Automated decision support system" means any automated 4
decision system that provides material information for the purpose of 5
informing a conclusion, decision or judgment made by an individual on 6
behalf of a state agency; 7
(3) "Automated decision system" means any machine-based system 8
or application, including, but not limited to, any such system or 9
application that is derived from machine learning, statistics or other 10
data processing or artificial intelligence techniques, that is developed, 11
procured or utilized to make, inform or materially support a critical 12
decision made by a state agency, but does not include passive 13
computing infrastructure; 14
(4) "Automated final decision system" means any automated decision 15
system that makes a final conclusion, decision or judgment on behalf of 16 Substitute Bill No. 1103
LCO {\\PRDFS1\SCOUSERS\FORZANOF\WS\2023SB-01103-
R02-SB.docx }
2 of 17
a state agency without any intervention by an individual acting on 17
behalf of the state agency; 18
(5) "Automated system" means any automated decision support 19
system, automated decision system or automated final decision system; 20
(6) "Automated systems procedures" means the procedures 21
developed and adopted pursuant to this section; 22
(7) "Connecticut Artificial Intelligence Advisory Board" means the 23
board established in section 2 of this act; 24
(8) "Critical decision" means any decision or judgment that has any 25
legal, material or similarly significant effect on an individual's life 26
concerning access to, or the cost, terms or availability of, (A) education 27
and vocational training, including, but not limited to, assessment, 28
accreditation or certification, (B) employment, worker management or 29
self-employment, (C) essential utilities such as electricity, heat, water, 30
Internet or telecommunications access or transportation, (D) family 31
planning services, including, but not limited to, adoption services or 32
reproductive services, (E) financial services, including, but not limited 33
to, any financial service provided by a mortgage company, (F) services 34
from a creditor or mortgage broker, (G) health care, including, but not 35
limited to, mental health care, dental care or vision care, (H) housing or 36
lodging, including, but not limited to, any rental, short-term housing or 37
lodging, (I) legal services, including, but not limited to, private 38
mediation or arbitration, (J) government benefits, or (K) public services; 39
(9) "Passive computing infrastructure" means any intermediary 40
technology, including, but not limited to, web hosting, domain 41
registration, networking, caching, data storage or cybersecurity 42
technology, that does not influence or determine the outcome of a 43
decision, make or aid in making a decision, inform policy 44
implementation or collect data or observations; 45
(10) "State agency" means any department, board, commission, 46
council, institution, office, constituent unit of the state system of higher 47 Substitute Bill No. 1103
LCO {\\PRDFS1\SCOUSERS\FORZANOF\WS\2023SB-01103-
R02-SB.docx }
3 of 17
education, technical education and career school or other agency in the 48
executive, legislative or judicial branch of state government; and 49
(11) "Trade secret" has the same meaning as provided in section 35-50
51 of the general statutes. 51
(b) Not later than October 1, 2023, the Secretary of the Office of Policy 52
and Management shall designate an employee of the Office of Policy 53
and Management to serve as the Artificial Intelligence Officer. Such 54
employee shall have: (1) Extensive knowledge concerning automated 55
systems and artificial intelligence analysis, governance, principles, 56
practices, technology, terminology and trends; and (2) experience in 57
administration, planning, policy development, project management and 58
service coordination. 59
(c) The Artificial Intelligence Officer shall be responsible for 60
performing said officer's duties as set forth in this section. The Secretary 61
of the Office of Policy and Management may contract with a third party, 62
if said secretary deems it necessary, to assist the Artificial Intelligence 63
Officer in performing said officer's duties under this section. 64
(d) Not later than December 31, 2023, and every two years thereafter, 65
the Artificial Intelligence Officer shall, in consultation with the state 66
agency data officers and state agency heads, develop and adopt 67
automated systems procedures for use by state agencies in developing, 68
procuring and utilizing automated systems for critical decisions. In 69
developing such automated systems procedure s, the Artificial 70
Intelligence Officer shall consider imposing the following safeguards, 71
where appropriate, to mitigate risk: (1) Requiring state agencies to 72
develop, procure and utilize automated systems in a manner that is 73
consistent with national and international standards; (2) ensuring that 74
state agencies develop, procure and utilize automated systems in a 75
manner that is consistent with state and federal laws, including, but not 76
limited to, state and federal laws prohibiting discrimination and 77
addressing privacy, civil rights and civil liberties; (3) ensuring that no 78
automated system disproportionately and unlawfully impacts any 79 Substitute Bill No. 1103
LCO {\\PRDFS1\SCOUSERS\FORZANOF\WS\2023SB-01103-
R02-SB.docx }
4 of 17
individual or group of individuals on the basis of any actual or 80
perceived differentiating characteristic, including, but not limited to, 81
age, genetic information, color, ethnicity, race, creed, religion, national 82
origin, ancestry, sex, gender identity or expression, sexual orientation, 83
marital status, familial status, pregnancy, veteran status, disability or 84
lawful source of income; (4) ensuring that any benefits that a state 85
agency gains by utilizing an automated system outweigh any risks 86
inherent in utilizing the automated system; (5) ensuring that each 87
automated system is applied and utilized in a manner that is consistent 88
with the use cases for which such automated system was trained in 89
order to ensure accuracy, reliability and efficacy; (6) ensuring that each 90
automated system is safe, secure and resilient, including, but not limited 91
to, in circumstances in which such automated system is confronted with 92
any systematic vulnerability, adversarial manipulation or other 93
malicious exploitation; (7) ensuring that the operations of, and outcomes 94
generated by, an automated system are sufficiently understandable by 95
subject matter experts and users; (8) ensuring that individual roles and 96
responsibilities are clearly defined, understood and appropriately 97
assigned in a manner that is consistent with the purpose for which each 98
use of an automated system is intended; (9) ensuring that the 99
development, procurement and utilization of an automated system is, 100
and the inputs and outputs for applications of an automated system are, 101
documented and traceable; (10) ensuring that the design, development, 102
procurement and monitoring of an automated system is, and intended 103
purposes of an automated system are, appropriately transparent to the 104
public under uniform protocols and public access requirements 105
concerning releases and posting of appropriate information by each 106
state agency utilizing the automated system; (11) ensuring that data 107
inputs utilized by each automated system are appropriately transparent 108
under the Freedom of Information Act, as defined in section 1-200 of the 109
general statutes; and (12) ensuring that each state agency that utilizes an 110
automated system (A) examines the automated system, at least once 111
every two years, to ensure compliance with such automated systems 112
procedures, (B) supersedes, disengages and deactivates any application 113
of the automated system that demonstrates performance that is, or 114 Substitute Bill No. 1103
LCO {\\PRDFS1\SCOUSERS\FORZANOF\WS\2023SB-01103-
R02-SB.docx }
5 of 17
outcomes that are, inconsistent with such automated systems 115
procedures or any other provision of this section, (C) is appropriately 116
transparent in disclosing any information that is relevant to such state 117
agency's use of the automated system, (D) implements safeguards to 118
ensure that the automated system is properly applied, utilized and 119
functioning, and (E) provides appropriate training to all personnel 120
responsible for developing, procuring or utilizing the automated 121
system. 122
(e) No state agency shall develop, procure or utilize any automated 123
system on or after January 1, 2024, unless such automated system 124
satisfies the requirements established in the automated systems 125
procedures. 126
(f) Not later than November 1, 2023, and every two years thereafter, 127
the Artificial Intelligence Officer shall submit a preliminary draft of the 128
automated systems procedures to the Connecticut Artificial Intelligence 129
Advisory Board. The Connecticut Artificial Intelligence Advisory Board 130
shall hold a public hearing on such draft automated systems 131
procedures, and submit any suggested revisions to the Artificial 132
Intelligence Officer, not later than thirty days after said board receives 133
such draft automated systems procedures. 134
(g) After the public hearing held pursuant to subsection (f) of this 135
section and, if applicable, receiving any recommended revisions from 136
the Connecticut Artificial Intelligence Advisory Board, the Artificial 137
Intelligence Officer shall finalize the automated systems procedures and 138
submit such final automated systems procedures to said board. The 139
Artificial Intelligence Officer shall send a copy of the final automated 140
systems procedures to all state agency data officers, and the Office of 141
Policy and Management shall post such final automated systems 142
procedures on said office's Internet web site. 143
(h) Not later than December 31, 2024, and every two years thereafter, 144
each state agency shall: (1) Conduct an inventory of the automated 145
systems that are in use by such state agency, which inventory shall be in 146 Substitute Bill No. 1103
LCO {\\PRDFS1\SCOUSERS\FORZANOF\WS\2023SB-01103-
R02-SB.docx }
6 of 17
a form prescribed by the Artificial Intelligence Officer; and (2) submit 147
such inventory to said officer and the Connecticut Artificial Intelligence 148
Advisory Board. The Office of Policy and Management shall make each 149
such inventory available to the public on said office's Internet web site. 150
(i) The Artificial Intelligence Officer shall be subject to the Freedom 151
of Information Act, as defined in section 1-200 of the general statutes. 152
(j) No provision of this section shall be construed to: (1) Require 153
disclosure of any trade secret; (2) abrogate any work product protection; 154
or (3) restrict the Artificial Intelligence Officer's or any state agency's 155
ability to (A) conduct any internal research to develop, improve or 156
repair any product, service or technology, (B) prevent, detect, protect 157
against or respond to, or investigate, report or prosecute any person 158
responsible for, any security incident, identity theft, fraud, harassment, 159
malicious or deceptive activity or illegal activity, or (C) preserve the 160
integrity or security of any system. 161
Sec. 2. (NEW) (Effective July 1, 2023) (a) As used in this section: 162
(1) "Automated system" has the same meaning as provided in section 163
1 of this act; 164
(2) "State agency" has the same meaning as provided in section 1 of 165
this act; and 166
(3) "Trade secret" has the same meaning as provided in section 35-51 167
of the general statutes. 168
(b) There is established the Connecticut Artificial Intelligence 169
Advisory Board, which shall be part of the Legislative Department. 170
(c) The board shall consist of the following members: (1) Two 171
appointed by the speaker of the House of Representatives; (2) two 172
appointed by the president pro tempore of the Senate; (3) two appointed 173
by the minority leader of the House of Representatives; (4) two 174
appointed by the minority leader of the Senate; (5) the House 175 Substitute Bill No. 1103
LCO {\\PRDFS1\SCOUSERS\FORZANOF\WS\2023SB-01103-
R02-SB.docx }
7 of 17
chairperson of the joint standing committee of the General Assembly 176
having cognizance of matters relating to consumer protection, or one 177
appointed by such chairperson; and (6) the Senate chairperson of the 178
joint standing committee of the General Assembly having cognizance of 179
matters relating to consumer protection, or one appointed by such 180
chairperson. All appointed members shall have professional experience 181
or academic qualifications in matters pertaining to automated systems, 182
artificial intelligence, artificial intelligence governance and 183
accountability or other related fields. Additional nonvoting ex-officio 184
members shall include the following officials, or their designees: The 185
Commissioner of Administrative Services, the Chief Data Officer, the 186
executive director of the Freedom of Information Commission, the 187
executive director of the Commission on Women, Children, Seniors, 188
Equity and Opportunity, the Attorney General, the Chief Court 189
Administrator, the Treasurer and the Comptroller. The speaker of the 190
House of Representatives and the president pro tempore of the Senate 191
shall each select a co-chair of the board from among the members of the 192
board. 193
(d) All initial appointments to the board shall be made not later than 194
September 1, 2023. The terms of the appointed members shall be 195
coterminous with the terms of the appointing authority for each 196
member. Any vacancy shall be filled by the appointing authority. Any 197
vacancy occurring other than by expiration of a term shall be filled for 198
the balance of the unexpired term. A member of the board may serve 199
more than one term. The co-chairs shall jointly schedule the first 200
meeting of the board, which shall be held not later than October 1, 2023. 201
(e) The administrative staff of the joint standing committee of the 202
General Assembly having cognizance of matters relating to consumer 203
protection shall serve as administrative staff of the board. 204
(f) The board shall have the following powers and duties: (1) To 205
advise state agencies concerning artificial intelligence and automated 206
systems policy, including, but not limited to, best practices for the use 207
of artificial intelligence and automated systems; (2) to perform the 208 Substitute Bill No. 1103
LCO {\\PRDFS1\SCOUSERS\FORZANOF\WS\2023SB-01103-
R02-SB.docx }
8 of 17
duties set forth in subsections (f) and (g) of section 1 of this act; (3) to 209
issue reports and recommendations to the General Assembly in 210
accordance with section 11-4a of the general statutes; (4) upon the 211
request of at least two members of the board, to request that any state 212
agency data officer or state agency head appear before the board to 213
answer questions; (5) to request from any state agency such assistance 214
and data as necessary and available to carry out the purposes of this 215
section; (6) to make recommendations to the legislative leaders 216
concerning artificial intelligence and automated systems policy; and (7) 217
to establish bylaws to govern the board's procedures. 218
(g) The board shall meet at least twice a year and may meet at such 219
other times as deemed necessary by the co-chairs of the board jointly or 220
by a majority of the members of the board. 221
(h) The board shall be subject to the Freedom of Information Act, as 222
defined in section 1-200 of the general statutes. 223
(i) No provision of this section shall be construed to: (1) Require 224
disclosure of any trade secret; (2) abrogate any work product protection; 225
or (3) restrict the board's or any state agency's ability to (A) conduct any 226
internal research to develop, improve or repair any product, service or 227
technology, (B) prevent, detect, protect against or respond to, or 228
investigate, report or prosecute any person responsible for, any security 229
incident, identity theft, fraud, harassment, malicious or deceptive 230
activity or illegal activity, or (C) preserve the integrity or security of any 231
system. 232
Sec. 3. (NEW) (Effective July 1, 2023) (a) As used in this section: 233
(1) "Artificial Intelligence Implementation Officer" means the 234
employee designated pursuant to subsection (b) of this section; 235
(2) "Automated system" has the same meaning as provided in section 236
1 of this act; 237
(3) "Automated systems procedures" has the same meaning as 238 Substitute Bill No. 1103
LCO {\\PRDFS1\SCOUSERS\FORZANOF\WS\2023SB-01103-
R02-SB.docx }
9 of 17
provided in section 1 of this act; 239
(4) "State agency" has the same meaning as provided in section 1 of 240
this act; and 241
(5) "Trade secret" has the same meaning as provided in section 35-51 242
of the general statutes. 243
(b) Not later than October 1, 2023, the Commissioner of 244
Administrative Services shall designate an employee of the Department 245
of Administrative Services to serve as the Artificial Intelligence 246
Implementation Officer. Such employee shall have: (1) Extensive 247
knowledge concerning automated systems and artificial intelligence 248
analysis, governance, principles, practices, technology, terminology and 249
trends; and (2) experience in administration, planning, policy 250
development, project management and service coordination. 251
(c) The Artificial Intelligence Implementation Officer shall be 252
responsible for performing said officer's duties under this section and 253
section 4 of this act. The Commissioner of Administrative Services may 254
contract with a third party, if the commissioner deems it necessary, to 255
assist the Artificial Intelligence Implementation Officer in performing 256
said officer's duties under this section and section 4 of this act. 257
(d) Any state agency that intends to develop, procure or utilize any 258
automated system on or after January 1, 2024, shall provide to the 259
Artificial Intelligence Implementation Officer, in a form and manner 260
prescribed by said officer, at least sixty days' advance written notice 261
disclosing that such state agency intends to develop, procure or utilize 262
such automated system. 263
(e) Not later than ninety days after the Artificial Intelligence 264
Implementation Officer receives any notice submitted pursuant to 265
subsection (d) of this section, said officer may review such notice, and 266
any available documentation concerning the operation of the automated 267
system that is the subject of such notice and any related safeguards, to 268
determine whether developing, procuring or utilizing such automated 269 Substitute Bill No. 1103
LCO {\\PRDFS1\SCOUSERS\FORZANOF\WS\2023SB-01103-
R02-SB.docx }
10 of 17
system would satisfy the requirements established in the automated 270
systems procedures. If the Artificial Intelligence Implementation Officer 271
does not make any determination during such ninety-day period, the 272
state agency that submitted such notice may develop, procure or utilize 273
such automated system. 274
(f) On and after July 1, 2025, the Artificial Intelligence 275
Implementation Officer: 276
(1) May, in said officer's discretion, periodically reevaluate any 277
automated system that is developed, procured or utilized by any state 278
agency to ensure that such automated system satisfies the requirements 279
established in the automated systems procedures; 280
(2) Shall, at least biennially, reevaluate any automated system that is 281
developed, procured or utilized by any state agency if said officer, in 282
said officer's discretion, determines that such automated system poses 283
any significant risk; and 284
(3) May take any action not set forth in subdivision (1) or (2) of this 285
subsection that said officer, in said officer's discretion, may deem 286
appropriate to carry out the purposes of this subsection. 287
(g) If the Artificial Intelligence Implementation Officer determines 288
that any automated system that is developed, procured or utilized by 289
any state agency does not satisfy the requirements established in the 290
automated systems procedures, said officer shall direct such state 291
agency to immediately cease development, procurement or utilization 292
of such automated system. 293
(h) The Artificial Intelligence Implementation Officer shall be subject 294
to the Freedom of Information Act, as defined in section 1-200 of the 295
general statutes. 296
(i) No provision of this section shall be construed to: (1) Require 297
disclosure of any trade secret; (2) abrogate any work product protection; 298
or (3) restrict the Artificial Intelligence Implementation Officer's or any 299 Substitute Bill No. 1103
LCO {\\PRDFS1\SCOUSERS\FORZANOF\WS\2023SB-01103-
R02-SB.docx }
11 of 17
state agency's ability to (A) conduct any internal research to develop, 300
improve or repair any product, service or technology, (B) prevent, 301
detect, protect against or respond to, or investigate, report or prosecute 302
any person responsible for, any security incident, identity theft, fraud, 303
harassment, malicious or deceptive activity or illegal activity, or (C) 304
preserve the integrity or security of any system. 305
Sec. 4. (Effective July 1, 2023) (a) As used in this section: 306
(1) "Artificial Intelligence Implementation Officer" has the same 307
meaning as provided in section 3 of this act; 308
(2) "Automated decision support system" has the same meaning as 309
provided in section 1 of this act; 310
(3) "Automated final decision system" has the same meaning as 311
provided in section 1 of this act; 312
(4) "Automated system" has the same meaning as provided in section 313
1 of this act; 314
(5) "Critical decision" has the same meaning as provided in section 1 315
of this act; 316
(6) "State agency" has the same meaning as provided in section 1 of 317
this act; and 318
(7) "Trade secret" has the same meaning as provided in section 35-51 319
of the general statutes. 320
(b) Not later than December 31, 2023, the Artificial Intelligence 321
Implementation Officer shall inventory all automated systems that are 322
in use by state agencies for critical decisions. Such inventory shall 323
include the following information for each such automated system: 324
(1) The name of such automated system and the vendor, if any, that 325
provided such automated system; and 326 Substitute Bill No. 1103
LCO {\\PRDFS1\SCOUSERS\FORZANOF\WS\2023SB-01103-
R02-SB.docx }
12 of 17
(2) A description of the general capabilities of such automated 327
system, including, but not limited to: 328
(A) Any reasonably foreseeable capability of such automated system 329
that is outside of any state agency's intended use of such automated 330
system; 331
(B) Whether such automated system was used, or may be used, to 332
independently make, inform or materially support a conclusion, 333
decision or judgment and the resulting impact on residents of this state; 334
(C) Each type of data input that was used by such automated system, 335
how such inputted data was collected, generated or processed and the 336
type or types of data such automated system generated or is reasonably 337
likely to generate; 338
(D) Whether such automated system (i) discriminated against any 339
individual or group of individuals in violation of state or federal law, or 340
(ii) disproportionately and unlawfully impacted any individual or 341
group of individuals on the basis of any actual or perceived 342
differentiating characteristic, including, but not limited to, age, genetic 343
information, color, ethnicity, race, creed, religion, national origin, 344
ancestry, sex, gender identity or expression, sexual orientation, marital 345
status, familial status, pregnancy, veteran status, disability or lawful 346
source of income; 347
(E) A description of the purpose and intended use of such automated 348
system, including, but not limited to, (i) which decision or decisions 349
such automated system was used to make, inform or materially support, 350
(ii) whether such automated system is an automated final decision 351
system or automated decision support system, and (iii) the benefit or 352
benefits such automated system was purported to confer and any data 353
or research necessary to determine whether such automated system 354
conferred such purported benefit or benefits; and 355
(F) How the data used or generated by such automated system was 356
processed and stored, whether the state agency or agencies that 357 Substitute Bill No. 1103
LCO {\\PRDFS1\SCOUSERS\FORZANOF\WS\2023SB-01103-
R02-SB.docx }
13 of 17
developed, procured or utilized such automated system intend to share 358
access to such automated system or data with any other person, the 359
name of such person and why such state agency or agencies intend to 360
share such access or data with such person. 361
(c) The Artificial Intelligence Implementation Officer shall, as part of 362
the inventory performed pursuant to subsection (b) of this section, 363
determine whether any automated system included in such inventory: 364
(1) Infringed any legal right of any resident of this state; and 365
(2) Was publicly disclosed under the Freedom of Information Act, as 366
defined in section 1-200 of the general statutes, in an appropriately 367
transparent manner. 368
(d) No provision of this section shall be construed to: (1) Require 369
disclosure of any trade secret; (2) abrogate any work product protection; 370
or (3) restrict the Artificial Intelligence Implementation Officer's or any 371
state agency's ability to (A) conduct any internal research to develop, 372
improve or repair any product, service or technology, (B) prevent, 373
detect, protect against or respond to, or investigate, report or prosecute 374
any person responsible for, any security incident, identity theft, fraud, 375
harassment, malicious or deceptive activity or illegal activity, or (C) 376
preserve the integrity or security of any system. 377
(e) Not later than December 31, 2024, the Artificial Intelligence 378
Implementation Officer shall prepare and submit a report, in accordance 379
with section 11-4a of the general statutes, to the joint standing committee 380
of the General Assembly having cognizance of matters relating to 381
consumer protection. Such report shall contain the inventory prepared 382
pursuant to subsection (b) of this section. 383
Sec. 5. (NEW) (Effective July 1, 2023) Notwithstanding any provision 384
of the general statutes, no state contracting agency shall enter into any 385
contract with a business on or after July 1, 2023, unless such contract 386
contains a provision requiring the business to comply with all applicable 387
provisions of sections 42-515 to 42-525, inclusive, of the general statutes. 388 Substitute Bill No. 1103
LCO {\\PRDFS1\SCOUSERS\FORZANOF\WS\2023SB-01103-
R02-SB.docx }
14 of 17
For the purposes of this section, "business", "contract" and "state 389
contracting agency" have the same meanings as provided in section 4e-390
1 of the general statutes. 391
Sec. 6. Subsection (a) of section 42-517 of the general statutes is 392
repealed and the following is substituted in lieu thereof (Effective July 1, 393
2023): 394
(a) The provisions of sections 42-515 to 42-525, inclusive, do not apply 395
to any: (1) Body, authority, board, bureau, commission, district or 396
agency of this state or of any political subdivision of this state; (2) 397
nonprofit organization; (3) institution of higher education; (4) national 398
securities association that is registered under 15 USC 78o-3 of the 399
Securities Exchange Act of 1934, as amended from time to time; (5) 400
financial institution or data subject to Title V of the Gramm-Leach-Bliley 401
Act, 15 USC 6801 et seq.; [or] (6) covered entity or business associate, as 402
defined in 45 CFR 160.103; or (7) air carrier, as defined in 49 USC 40102, 403
as amended from time to time, and regulated under the Federal 404
Aviation Act of 1958, 49 USC 40101 et seq., and the Airline Deregulation 405
Act, 49 USC 41713, as said acts may be amended from time to time. 406
Sec. 7. Subsection (a) of section 42-520 of the general statutes is 407
repealed and the following is substituted in lieu thereof (Effective July 1, 408
2023): 409
(a) A controller shall: (1) Limit the collection of personal data to what 410
is adequate, relevant and reasonably necessary in relation to the 411
purposes for which such data is processed, as disclosed to the consumer; 412
(2) except as otherwise provided in sections 42-515 to 42-525, inclusive, 413
not process personal data for purposes that are neither reasonably 414
necessary to, nor compatible with, the disclosed purposes for which 415
such personal data is processed, as disclosed to the consumer, unless the 416
controller obtains the consumer's consent; (3) establish, implement and 417
maintain reasonable administrative, technical and physical data 418
security practices to protect the confidentiality, integrity and 419
accessibility of personal data appropriate to the volume and nature of 420 Substitute Bill No. 1103
LCO {\\PRDFS1\SCOUSERS\FORZANOF\WS\2023SB-01103-
R02-SB.docx }
15 of 17
the personal data at issue; (4) not process sensitive data concerning a 421
consumer without obtaining the consumer's consent, or, in the case of 422
the processing of sensitive data concerning a known child, without 423
processing such data in accordance with COPPA; (5) not process 424
personal data in violation of the laws of this state and federal laws that 425
prohibit unlawful discrimination against consumers; (6) provide an 426
effective mechanism for a consumer to revoke the consumer's consent 427
under this section that is at least as easy as the mechanism by which the 428
consumer provided the consumer's consent and, upon revocation of 429
such consent, cease to process the data as soon as practicable, but not 430
later than fifteen days after the receipt of such request; and (7) not 431
process the personal data of a consumer for purposes of targeted 432
advertising, or sell the consumer's personal data without the consumer's 433
consent, under circumstances where a controller has actual knowledge, 434
[and] or wilfully disregards, that the consumer is at least thirteen years 435
of age but younger than sixteen years of age. A controller shall not 436
discriminate against a consumer for exercising any of the consumer 437
rights contained in sections 42-515 to 42-525, inclusive, including 438
denying goods or services, charging different prices or rates for goods 439
or services or providing a different level of quality of goods or services 440
to the consumer. 441
Sec. 8. (Effective from passage) (a) There is established a task force to 442
study artificial intelligence. The task force shall (1) develop, and make 443
recommendations concerning adoption of, an artificial intelligence bill 444
of rights based on the "Blueprint for an AI Bill of Rights" published by 445
the White House Office of Science and Technology Policy, and (2) study 446
the feasibility of establishing, and make recommendations concerning 447
the establishment of, a department of artificial intelligence enablement 448
to assist state agencies and municipalities with ethically implementing 449
artificial intelligence technologies. 450
(b) The task force shall consist of the following members: 451
(1) Two appointed by the speaker of the House of Representatives; 452 Substitute Bill No. 1103
LCO {\\PRDFS1\SCOUSERS\FORZANOF\WS\2023SB-01103-
R02-SB.docx }
16 of 17
(2) Two appointed by the president pro tempore of the Senate; 453
(3) One appointed by the majority leader of the House of 454
Representatives; 455
(4) One appointed by the majority leader of the Senate; 456
(5) One appointed by the minority leader of the House of 457
Representatives; 458
(6) One appointed by the minority leader of the Senate; 459
(7) The Commissioner of Administrative Services, or the 460
commissioner's designee; and 461
(8) Two appointed by the Governor. 462
(c) Any member of the task force appointed under subdivision (1), 463
(2), (3), (4), (5) or (6) of subsection (b) of this section may be a member 464
of the General Assembly. 465
(d) All initial appointments to the task force shall be made not later 466
than thirty days after the effective date of this section. Any vacancy shall 467
be filled by the appointing authority. 468
(e) The speaker of the House of Representatives and the president pro 469
tempore of the Senate shall select the chairpersons of the task force from 470
among the members of the task force. Such chairpersons shall schedule 471
the first meeting of the task force, which shall be held not later than sixty 472
days after the effective date of this section. 473
(f) The administrative staff of the joint standing committee of the 474
General Assembly having cognizance of matters relating to consumer 475
protection shall serve as administrative staff of the task force. 476
(g) Not later than January 1, 2024, the task force shall submit a report 477
on its findings and recommendations to the joint standing committee of 478
the General Assembly having cognizance of matters relating to 479 Substitute Bill No. 1103
LCO {\\PRDFS1\SCOUSERS\FORZANOF\WS\2023SB-01103-
R02-SB.docx }
17 of 17
consumer protection, in accordance with the provisions of section 11-4a 480
of the general statutes. The task force shall terminate on the date that it 481
submits such report or January 1, 2024, whichever is later. 482
This act shall take effect as follows and shall amend the following
sections:
Section 1 July 1, 2023 New section
Sec. 2 July 1, 2023 New section
Sec. 3 July 1, 2023 New section
Sec. 4 July 1, 2023 New section
Sec. 5 July 1, 2023 New section
Sec. 6 July 1, 2023 42-517(a)
Sec. 7 July 1, 2023 42-520(a)
Sec. 8 from passage New section
GL Joint Favorable Subst.
APP Joint Favorable