•  Summary 
  •  Actions 
  •  Committee Votes 
  •  Floor Votes 
  •  Memo 
  •  Text 
  •  LFIN 
  •  Chamber Video/Transcript 

A01366 Summary:

COSPNSRColton, Gunther, Lupardo, Zebrowski, Benedetto, Pretlow, Rosenthal L, Weprin
MLTSPNSRDinowitz, Hevesi, Peoples-Stokes
Add §390-e, Gen Bus L
Relates to establishing the online consumer protection act; defines terms; provides that an advertising network shall post clear and conspicuous notice on the home page of its own website about its privacy policy and its data collection and use practices related to its advertising delivery activities; makes related provisions.
Go to top    

A01366 Actions:

01/17/2023referred to consumer affairs and protection
01/03/2024referred to consumer affairs and protection
Go to top

A01366 Text:

                STATE OF NEW YORK
                               2023-2024 Regular Sessions
                   IN ASSEMBLY
                                    January 17, 2023
          DETTO, PRETLOW, L. ROSENTHAL, WEPRIN -- Multi-Sponsored by -- M. of A.
          DINOWITZ,  HEVESI,  PEOPLES-STOKES  --  read  once and referred to the
          Committee on Consumer Affairs and Protection
        AN ACT to amend the general business law, in  relation  to  establishing
          the online consumer protection act
          The  People of the State of New York, represented in Senate and Assem-
        bly, do enact as follows:
     1    Section 1. Short title. This act shall be known and may  be  cited  as
     2  the "online consumer protection act".
     3    §  2.  Legislative  findings.  The  state  has  the authority to enact
     4  consumer regulations to protect the people of the state.  Recently,  the
     5  state  has enacted a series of laws to address problems arising from the
     6  ubiquity of the internet.  From  protecting  consumers  from  electronic
     7  breaches  of  security  to  enacting  laws  prohibiting  the practice of
     8  "phishing" -- an electronic form of identity theft -- the state  has  an
     9  obligation to enact sensible protections for the people.
    10    The  internet  age  has  changed, often for the better, the way people
    11  work, enjoy entertainment and interact with one another.  However,  with
    12  the  internet age new problems have arisen that must be addressed, chief
    13  among them, the loss of personal privacy. Recent examples, including one
    14  where search engine results were tracked to an individual,  have  illus-
    15  trated  that  a  person's  privacy can be breached easily and with grave
    16  consequences. There is a fundamental rift  between  tracking  technology
    17  and  consumers'  right  to  control  what data is collected and where it
    18  goes. Action must be taken in order to prevent more egregious violations
    19  of  privacy  occurring  including  price  discrimination,  exposure   of
    20  personal information to subpoenas and warrantless government access.
    21    This  act  establishes  provisions  to  allow consumers the ability to
    22  simply opt-out of being monitored on  the  internet.  Such  protections,

         EXPLANATION--Matter in italics (underscored) is new; matter in brackets
                              [ ] is old law to be omitted.

        A. 1366                             2
     1  akin  to the do not call registry, are a fair, sensible and common sense
     2  way to give consumers a clear choice with respect to being monitored.
     3    § 3. The general business law is amended by adding a new section 390-e
     4  to read as follows:
     5    §  390-e.  Online  consumer  protection.  1.  For the purposes of this
     6  section the following terms shall have the following meanings:
     7    (a) The term "online preference marketing" shall mean a type of adver-
     8  tisement delivery and reporting whereby data is collected  to  determine
     9  or  predict consumer characteristics or preference for use in advertise-
    10  ment delivery on the internet.
    11    (b) The term "personally identifiable  information"  shall  mean  data
    12  that,  by  itself,  can be used to identify, contact or locate a person,
    13  including name, address, telephone number, sensitive medical  or  finan-
    14  cial data, sexual behavior, sexual orientation, or email address.
    15    (c)  The  term "publisher" shall mean any company, individual or other
    16  group that has a website, webpage or other internet page.
    17    (d) The term "consumer" shall mean any natural person using or access-
    18  ing a website, webpage or online service that includes  the  display  of
    19  advertisements.
    20    (e)  The term "advertising network" shall mean any company, individual
    21  or other group that is  collecting  online  consumer  activity  for  the
    22  purposes of ad delivery.
    23    2.  No publisher of a webpage or advertising network contracted with a
    24  publisher shall collect  personally  identifiable  information  for  the
    25  purposes  of  online  preference marketing.   This subdivision shall not
    26  apply to the collection of personally identifiable information  provided
    27  to  a  publisher  of  a webpage or advertising network contracted with a
    28  publisher by the consumer with his or her consent.
    29    3. No publisher of a webpage or advertising network contracted with  a
    30  publisher  shall  collect  any other information from a consumer that is
    31  not defined as personally identifiable information pursuant to  subdivi-
    32  sion one of this section for the purposes of online preference marketing
    33  unless  the  consumer  is  given an opportunity to opt-out of the use of
    34  such information for online marketing purposes.
    35    4. An advertising network shall post clear and conspicuous  notice  on
    36  the  home  page of its own website about its privacy policy and its data
    37  collection and use practices related to its advertising delivery  activ-
    38  ities.  If  a  publisher has contracted with an advertising network, the
    39  publisher shall post clear and conspicuous notice on  its  website  that
    40  describes  the  collection  and  use  of  information by the advertising
    41  network. If the advertising network engages in online preference market-
    42  ing, the privacy policies  of  both  the  advertising  network  and  the
    43  publisher  shall  describe  the  ability to opt-out of online preference
    44  marketing by such network.
    45    5. An advertising network shall make reasonable efforts to protect the
    46  data it collects or logs as a result of ad delivery and  reporting  from
    47  loss, misuse, alteration, destruction or improper access.
    48    6.  The  attorney  general  may  bring  an action against a person who
    49  violates the provisions of this section:
    50    (a) to enjoin further violation of the provisions of this section; and
    51    (b) to recover up to two hundred fifty dollars for  each  instance  in
    52  which identifying information is collected from a person in violation of
    53  the provisions of subdivision two or three of this section.
    54    In  an  action  under  paragraph  (b) of this subdivision, a court may
    55  increase the damages up to three times the damages allowed by such para-
    56  graph where the defendant has been found to have engaged  in  a  pattern

        A. 1366                             3
     1  and  practice of violating the provisions of subdivision two or three of
     2  this section.
     3    7.  Nothing  in this section shall in any way limit rights or remedies
     4  which are otherwise available under law to the attorney general  or  any
     5  other  person  authorized  to  bring an action under subdivision five of
     6  this section.
     7    § 4. This act shall take effect on the one hundred eightieth day after
     8  it shall have become a law.
Go to top