Researcher: GM Page 1 3/24/25
OLR Bill Analysis
sSB 1338
AN ACT CONCERNING MINORS' MONEY SHARING APPLICATION
ACCOUNTS.
SUMMARY
This bill regulates minors’ access to certain money sharing
applications by imposing restrictions and duties on people who are or
must be licensed as money transmitters (“licensees”) under the state’s
Money Transmission Act, which regulates businesses, other than banks
or credit unions, that receive and transmit money. Generally, the bill:
1. prohibits any licensee, beginning on October 1, 2025, from
allowing anyone to sponsor, open, or establish a money sharing
application account for a minor unless the licensee receives a
notarized statement from the person attesting that he or she is the
minor’s parent or legal guardian;
2. requires, with exceptions, licensees to delete a minor’s money
sharing application account within 15 business days after
receiving a request to do so from the minor or the minor’s parent
or legal guardian; and
3. makes violations of its provisions an unfair trade practice,
enforced solely by the attorney general.
The bill defines “money sharing application” as an Internet-based
service or application that is (1) owned or operated by a licensee, (2)
used by a consumer in Connecticut, and (3) primarily intended to allow
users to send and receive money. By law and under the bill, a “minor”
is a consumer younger than age 18, and a “consumer” is a state resident
and generally excludes anyone acting in a commercial or employment
context.
EFFECTIVE DATE: October 1, 2025 2025SB-01338-R000182-BA.DOCX
Researcher: GM Page 2 3/24/25
GENERAL PROCEDURES AND EXCEPTI ONS
When responding to requests to delete a minor’s account, the bill also
generally requires licensees to stop processing the minor’s personal data
within the 15-business day response period after receiving the request.
By law and under the bill, “personal data” is any information that is
linked, or reasonably linkable, to an identified or identifiable individual,
excluding de-identified data or publicly available information. (“De-
identified data” is generally data that cannot reasonably be used to infer
information about, or otherwise be linked to, a specific individual or his
or her device and “publicly available information” is generally
information that is lawfully available through federal, state, or
municipal government records, or widely distributed media (CGS § 42-
515).)
Under the bill, licensees do not have to follow its account deletion
and personal data processing requirements if other applicable law, such
as Connecticut’s laws on consumer data privacy and online monitoring,
allow or require them to preserve a minor’s account or personal data.
Additionally, the bill allows licensees to extend the time to delete an
account and stop processing personal data by an additional 15 business
days under certain conditions. Specifically, if (1) it is reasonably
necessary to do so based on the complexity and number of, presumably,
additional requests from the requestor, and (2) the licensee informs the
requestor about the extension and reason for it within the initial 15-
business day response period.
As part of deletion requests, the bill allows requestors to also request
licensees provide all data associated with the minor’s account. (Under
the bill, this means, at a minimum, an itemization of each account
transaction and the identity of who opened the account. It is not clear
that licensees are actually required to provide the data.)
Relatedly, the bill requires licensees to (1) establish one or more
secure and reliable ways for minors and their parents and legal
guardians to submit requests to delete minors’ accounts and (2) describe 2025SB-01338-R000182-BA.DOCX
Researcher: GM Page 3 3/24/25
them in a privacy notice. Licensees that provide a mechanism to initiate
a process to delete an account are deemed to be in compliance with this
provision (and, it appears, the account deletion and personal data
processing requirements).
INABILITY TO AUTHENTICATE REQUESTS
In addition to the exceptions above, the bill allows licensees to ignore
requests they cannot authenticate if they give the requestor certain
notice. Specifically, that they cannot authenticate the request and will
not be able to do so until the requestor provides additional reasonably
necessary information. Under the bill, to “authenticate” is using
reasonable means and making a commercially reasonable effort to
determine if the requestor is the minor for the account or the minor’s
parents or legal guardians.
ENFORCEMENT OF VIOLA TIONS
The bill specifies that none of its provisions may be construed to
create a private right of action or grounds for a class action under the
Connecticut Unfair Trade Practices Act (CUTPA). By law, CUTPA
allows courts to, among other things, issue restraining orders, award
actual and punitive damages, and impose civil penalties of up to $5,000
for willful violations and up to $25,000 for a restraining order violation
(CGS § 42-110a et seq.).
BACKGROUND
Related Bill
HB 6691, favorably reported by the Banking Committee, among other
things, changes the definition of “money transmission” under the
Money Transmission Act to specifically include using a digital wallet in
connection with a consumer payment mobile application.
COMMITTEE ACTION
Banking Committee
Joint Favorable Substitute
Yea 12 Nay 0 (03/06/2025)