By Alexander Kalogeras
For the time being, the answer—unfortunately—is no. However, New York State may soon follow the footsteps of California, Colorado, Connecticut, Utah, and Virginia (each of which recently passed comprehensive consumer data privacy laws) by enacting the New York Privacy Act.
So, what is data privacy? In a nutshell, data privacy refers to the rules and processes around sharing—often personal—digital data with third parties as well as how, where, and why those data are stored. Data privacy and security are becoming an increasing concern as the world plunges deeper into the digital age, especially when big-tech companies make billions selling their users’ personal data.
It is not all doom and gloom, though. The New York State legislature recognizes that privacy is an “essential element of freedom”1 and is currently seeking to help New Yorkers regain their privacy. The Act was introduced by State Senator Kevin Thomas in May 2021 and is currently under review by the Senate’s Internet and Technology Committee. While still subject to revision, the proposed legislation is certainly a step in the right direction to expand consumers’ rights and to secure their sensitive information.
The Act is broad and applies to “legal persons that conduct business in New York or that produce products or services that are targeted to residents of New York” that meet one or more of the following conditions:
annual gross revenue of at least twenty-five million dollars;
control or process personal data of at least one hundred thousand consumers;
control or process personal data of at least five hundred thousand people nationwide, and control or process personal data of at least ten thousand consumers; or
derive over fifty percent of gross revenue from the sale of personal data, and control or process personal data of at least twenty-five thousand consumers.2
State and local governments as well as municipal corporations are exempt from the Act.
More importantly, the Act creates various rights for consumers. Under the New York Privacy Act, consumers have the right (1) to know how and with whom their personal data are being shared; and, (2) to opt out, at any time, if their data are being sold or used for the purposes of targeted advertising.3 Furthermore, if a business processes “sensitive data”4 it must obtain “freely given, specific, informed, and unambiguous consent” from consumers.5 Finally, consumers will have the right to access, correct, or delete their personal data and the right to portable data (i.e., data that are easily moveable or transferable from company to consumer).
While the Act is subject to change, it is the most comprehensive and broad of its kind. It goes beyond its predecessors by preventing companies from engaging in “unfair, deceptive, or abusive acts . . . with respect to obtaining consumer consent.”6 It also imposes on companies a “duty of care” which requires, among other things, annual risk assessments and reasonable safeguards to protect consumer data.7
If you own a business that falls under the scope of the New York Privacy Act, it is critical that you stay up to date with legal developments and that your business is always in compliance. Being ahead of the game is key—especially when there is a great possibility of significant developments in the law. Reach out to the knowledgeable attorneys here at KI Legal to get a customized and cost-effective legal compliance strategy, regardless of your business size or type.
[1] Senate Bill S6701B
[2] Id. at Sec. 1101
[3] Id. at Sec. 1102
[4] “Sensitive data” are data that reveal racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life, sexual orientation, citizenship or immigration status, genetic or biometric information for the purpose of uniquely identifying a person (e.g., fingerprints or facial identification), or precise geolocation data. Sec. 1100
[5] 1102 (3)
[6] 1103 1 (b) (ii)
[7] 1103 (1) (c) (i) (A)
This information is the most up to date news available as of the date posted. Please be advised that any information posted on the KI Legal Blog or Social Channels is being supplied for informational purposes only and is subject to change at any time. For more information, and clarity surrounding your individual organization or current situation, contact a member of the KI Legal team
KI Legal focuses on guiding companies and businesses throughout the entire legal spectrum. KI Legal’s services generally fall under three broad-based practice group areas: Transactions, Litigation and General Counsel. Its extensive client base is primarily made up of real estate developers, managers, owners and operators, lending institutions, restaurant and hospitality groups, construction companies, investment funds, and asset management firms. KI Legal’s unwavering reputation for diligent and thoughtful representation has been established and sustained by its strong team of reputable attorneys and staff. For the latest updates, follow KI Legal on LinkedIn, Facebook, and Instagram. For more information, visit kilegal.com.
The post Is Data Privacy Your Right in New York? appeared first on KI Legal.