First we take Sacramento, then we take Albany…
The New York Privacy Act, a privacy bill proposed by State Sen. Kevin Thomas, D-N.Y., bears similarities to the California Consumer Privacy Act.
Like the CCPA, it would allow people to find out what data companies are collecting on them, see who they’re sharing that data with, request that it be corrected or deleted, and avoid having their data shared with or sold to third parties altogether. However, it includes a private right of action and would apply to companies of any size within the state of New York.
Notably, the New York bill would prohibit using, processing or transferring personal information to a third party, unless the consumer provides express and documented consent and would require businesses to act as so-called “data fiduciaries,” the most basic obligation of whom is a duty to look out for the interests of the people whose data businesses regularly harvest and profit from.
Thus the bill would prohibit companies from using data in a way that causes users some sort of financial or physical harm or in a manner that would be “unexpected and highly offensive to a reasonable consumer.