The Monopoly Report – Episode 52

State Privacy Law with Senator James Maroney
Date: October 22, 2025
Host: Alan Chapell
Guest: Senator James Maroney (Connecticut)

Episode Overview

This episode centers around the evolution and challenges of passing state privacy legislation, with a focus on Connecticut’s journey. Host Alan Chapell engages Senator James Maroney in a wide-ranging discussion covering legislative hurdles, industry lobbying, inter-state collaboration, and the ongoing drive to balance consumer protection with business realities as new technologies, especially AI, evolve. The conversation also explores lessons learned by state lawmakers, the interplay between state and federal law, and predictions for UConn basketball.

Key Discussion Points & Insights

Senator Maroney's Privacy Law Origin Story

• Entry into Privacy Legislation ([02:08])
  • Maroney didn’t seek out privacy law; "the issue found me."
  • Inherited the legislative effort after it was promoted by other committee members.
  • Background as a tech-savvy small business owner contributed to his interest.
  • “It took me three years to pass our privacy bill... I just haven't come out [of the rabbit hole].” – Maroney ([03:26])

Legislative Hurdles & Industry Lobbying

• Intensity of Lobbying ([04:08])

  • The privacy bill was “definitely the most lobbied bill in Connecticut’s legislature for all of those three years.”
  • Opposition included claims the law would prevent pandemic response, which he refutes with the example of California.
  • Connecticut even generates sales tax on lobbying, providing a humorous side effect.
  • “For every hour I ran [a meeting], I generated $1,000 in sales tax revenue...” – Maroney

• Early Failures and Strategic Lessons ([05:33])

  • Initial attempts failed to make it out of committee, even with a minimal “privacy notice” bill.
  • Industry leveraged fears of a “slippery slope.”
  • Success came through public, inclusive working groups and recruiting a House champion to mirror Senate efforts.
  • “It’s not just getting it out of one... you have to get it out of both Senate and the House.” – Maroney ([07:25])
  • After amendments and setbacks, the final law required the Global Privacy Control (GPC), a meaningful strengthening.

Global Privacy Control, User Rights & Industry Balance

• Global Privacy Control & Anti-Preferencing ([09:00])

  • GPC included as mandatory opt-out mechanism.
  • Law addresses browser-based ad platform conflicts (i.e., browser vendors using GPC to favor their ad services).
  • Bill was strongly influenced by Connecticut’s AG privacy team and advocacy groups like Consumer Reports.

• Consent, Opt-Out, and User Experience ([11:08])

  • Debate on consent versus default/opt-out; “everything is a balancing act.”
  • Acknowledgment that “opt outs should not be difficult to enact.”
  • Discussion on the challenge of not making user experience suffer while ensuring meaningful privacy protections.

Defining Personal Data and De-Identification

• Broad Definitions & Challenges ([12:18]–[14:33])

  • Connecticut, like other states, includes “inferences” as personal data.
  • Difficulty differentiating de-identified from personal data; perhaps not enough incentives for privacy-enhancing measures.
  • Maroney: “We probably didn’t end up doing as much as we should have to incentivize privacy-enhancing measures.”

• Privacy Laws as Evolving, Not Final ([15:22])

  • “We’re writing laws, we’re not etching commandments in stone tablets.”
  • Regular amendments and updates are expected as tech and society evolve.

Future Legislative Priorities & Public Safety

• Reacting to Real-World Harms ([16:44])
  • The Minnesota tragedy (publicly available data used in targeted violence) spurs interest in more robust data broker laws.
  • Considering California’s Delete Act and New Jersey’s Daniel’s Law as models.
  • Ongoing clean-up and tightening of definitions—e.g., “sharing” and “publicly available information.”
  • “If I’m opening the bill up anyway next year... I may do a little bit of cleanup.” – Maroney

Interstate Collaboration & Working Groups

• State-level Coordination ([19:37])

  • Regular communication among privacy-focused legislators in different states.
  • Multi-state AI policy working group includes reps from 48 states, hosted or coordinated by groups like Future of Privacy Forum and now Princeton.
  • “For any state my recommendation is usually do privacy first before you would look at doing something [AI-specific].” – Maroney ([21:24])

• Role of Future of Privacy Forum and Princeton ([21:43])

  • National conveners help states avoid the feared "patchwork" by sharing definitions, strategies, and expert advice.

Sensitive Data Regulation & Authorized Agents

• Sensitive Data—Opt In or Prohibition? ([23:34])

  • Connecticut has expanded its sensitive data definitions and tightened permissible purposes.
  • The debate on whether to require opt-in consent or outright prohibition; Connecticut currently prefers opt-in with some minimization.

• Authorized Agent Issues ([25:06])

  • Current scope: Agents can only opt out of sales and tracking, not access or delete data.
  • Concerns about fraudulent or overzealous agents prompting future oversight and possible self-regulation.

Rulemaking, Consistency, and Federal Preemption

• AG’s Lack of Rulemaking Power ([28:41])

  • In CT, everything must be written into the law with little discretion left to regulators.

• Patchwork Problem & Federal Law ([30:21]–[34:33])

  • State definitions strive for consistency (often borrowing directly from GDPR and other states), but inevitable tweaks create variation.
  • The fear is that extreme patchwork would finally prompt a comprehensive federal privacy law (as with CAN-SPAM in 2003).
  • Maroney prefers a federal “floor” allowing states to strengthen protections, not a strict ceiling.
  • “Our preference would be more to see a federal floor rather than a ceiling, right, to set... baseline protections.” – Maroney ([35:19])

Enforcement and Private Right of Action

• Challenges Without Private Right of Action ([36:10]–[39:41])
  • Recognition that enforcement challenges exist for small states without the resources of California.
  • Maroney: “I get the argument there’s no rights without recourse. I just don’t want to pass a bill that creates a new cottage industry of chasing after... violations.”
  • Pragmatic approach: finding a “happy medium” to allow real recourse without encouraging abusive litigation.

Memorable Closing—UConn Basketball

• Basketball Predictions ([40:25])
  • Maroney predicts combined UConn men’s and women’s teams will lose “four games” this season.
  • Personal note: First season with both men’s and women’s tickets.

Notable Quotes & Memorable Moments

• On Lobbying Intensity:
  “It was definitely the most lobbied bill in the Connecticut legislature for all of those three years... Connecticut charges sales tax on lobbying services.” — Maroney ([04:08])

• On Legislative Process:
  “It’s not just getting it out of one. You know, you have to get it out of both the Senate and the House. So making sure you have champions in the other chamber is critical.” — Maroney ([07:25])

• On Lawmaking Philosophy:
  “We’re writing laws, we’re not etching commandments in stone tablets... liquor is thousands of years old [and still gets changed].” — Maroney ([15:22])

• On Privacy Law Consistency:
  “People don’t want the patchwork, right?” — Maroney ([30:21])
  “You can usually find the handiwork of Law A in Law B, C, and D’s initial drafts... There’s always a hidden comma or period or definition that you’ve got to figure out.” — Chapell ([32:23])

• On Federal Law Preemption:
  “Our preference would be more to see a federal floor rather than a ceiling... as long as people had those critical protections, that would at least feel that we contributed toward making that happen.” — Maroney ([35:19])

• On Enforcement:
  “There’s no rights without recourse” but “I just don’t want to pass a bill that creates a new cottage industry of chasing after... violations.” — Maroney ([38:09])

• On Interstate Collaboration:
  “I talk with lots of different legislators now... we try to stay on top of it.” — Maroney
  “We had built a multi-state AI policy working group... our email list is over 250 legislators, [from] 48 out of the 50 states.” — Maroney ([20:01])

• On Future Amendments & Clean-ups:
  “If I’m opening the bill up anyway next year... I may need to do a little bit of cleanup.” — Maroney ([16:44])

Key Timestamps

• 02:08: Maroney’s entry into privacy legislation
• 04:08: Lobbying intensity and legislative barriers
• 07:25: Strategic lessons, need for champions in both Chambers
• 09:00: Global Privacy Control inclusion and anti-preferencing measures
• 12:18: Consent and user experience balance
• 13:37: Defining personal data and de-identification challenges
• 15:22: Laws as iterative, not static
• 16:44: Future priorities—data brokers, Delete Act, and public safety
• 19:37: Interstate legislative collaboration and working groups
• 21:43: Role of Future of Privacy Forum and Princeton
• 23:34: Regulation of sensitive data, opt-in versus prohibition
• 25:06: Authorized agents and risk management
• 28:41: AG’s lack of rulemaking power in CT
• 30:21: Patchwork issue and federal law prospects
• 35:19: Federal law as floor vs ceiling
• 38:09: Enforcement challenges and private right of action
• 40:25: UConn basketball prediction

Tone and Style Notes

The episode is candid, lightly humorous, and pragmatic. There’s a clear rapport between host and guest, and both demonstrate a deep awareness of the policy, technical, and political nuances of privacy law. Maroney especially conveys a collaborative, thoughtful approach, aware of trade-offs and the realities of state-level governance.

Summary Takeaways

• Passing privacy legislation in states like Connecticut is a multi-year, heavily lobbied process requiring strategic alliances, transparent public working groups, and legislative champions in both chambers.
• Laws evolve through trial, amendment, and input from state AGs and consumer advocates. The Connecticut law, now seen as a strong model, initially failed in simpler forms.
• States are increasingly collaborating to harmonize law definitions and share best practices, hoping to avoid counterproductive regulatory patchworks and, potentially, to prompt sensible federal action.
• Major remaining unresolved issues include enforcement mechanisms (especially private right of action), scope of authorized agents, emerging threats from data broker availability, and real-world harms from unregulated data.
• Both the host and Maroney share optimism for iterative improvement—and for UConn basketball’s imminent dominance.