Where California pioneered, with the first major piece of data privacy legislation in the U.S., New York has stalled. Passing the act would have given a second major area of the U.S. something similar to the European Guide to the General Data Protection Regulation (GDPR).
The New York Privacy Act, introduced in May 2019 by state senator Kevin Thomas, would have granted residents greater control over their data than in any other state. It would also have required businesses to put their customers’ privacy before their own profits.
The legislation was broader than the Californian Act, and it would have applied to non-profit companies as well as for-profit businesses. Furthermore, the proposed legislation included a private right of action for data breaches of $10,000 per consumer. According to the Electronic Frontier Foundation the legislation would have designated businesses which collect and hold personal information on consumers as “information fiduciaries” and imposed on such companies a “duty to exercise loyalty and care”. This meant companies would be required to alert consumers of what information they collected, the purpose for that collection, and what, and with whom, information was shared.
However, the legislation did not pass. The reasons for this are speculated to be issues with the highly prescriptive nature of the law, plus the extent of the impact on small and medium-sized companies.
Commenting on the news, Chris Slovak, VP of Tealium (“the leader in real-time customer data orchestration”) told Digital Journal that this isn’t the end of data privacy initiatives for the U.S.: “Even though the New York Privacy Act failed this time, federal legislation proposals will continue to put greater fiduciary responsibility on how companies collect and manage consumer data.”
He adds that businesses should begin the process of preparing for increased regulatory focus, stating: “Most companies today aren’t equipped with the right people, technology, or processes needed to ensure that they’re acting in the best interests of consumers, and that’s because most companies don’t have full visibility over where data comes from and what happens to it after they’ve got it.”
Other U.S. states, including Massachusetts and Connecticut as pushing ahead with their own variants of data privacy and data protection legislation
