In 2015, California enacted groundbreaking privacy legislation and in 2018, the state took up the matter again with even tougher rules that have been fought tooth-and-nail by Big Tech companies, many of whom are headquartered in the state.
Not to be outdone, New York State Senator Kevin Thomas introduced The New York Privacy Act in May, which binds over all tech companies to serve as "data fiduciaries," with a legal requirement to use your data in ways that benefit you — and not ways that benefit themselves at your expense (lawyers, doctors and other professionals have similar fiduciary duties); specifically, companies must not use your data in ways that would be "unexpected and highly offensive to a reasonable consumer."
Facebook hates this and reportedly told Thomas that it would force them to leave New York State (Facebook denies they told him this).
Thomas believes he can get his bill through the state senate this summer, and is seeking a co-sponsor in the state assembly.
But the New York bill, as it's currently written, departs from the California model in significant ways. While the California law leaves enforcement to the state's attorney general, the New York Privacy Act would give New Yorkers the right to sue companies directly over privacy violations, possibly setting up a barrage of individual lawsuits. Industry groups vehemently opposed a similar provision—also known as a private right of action—in California, and they succeeded in driving it out of the bill when it was finally signed into law last year. And while California's law applies only to businesses that make more than $25 million annual gross revenue, the New York bill would apply to companies of any size.
New York's Privacy Bill Is Even Bolder Than California's [Issie Lapowsky/Wired]