New York AG Office: Now is Time for Comprehensive Privacy Law
New York should catch up with many other states and enact comprehensive privacy legislation, officials from the state attorney general’s office told a joint hearing of the Assembly Consumer Affairs and Science committees recorded Tuesday.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
After California became the first state to pass a comprehensive privacy law in 2018, New York, for several years, introduced but failed to pass a similar statute, while 19 other states got bills across the finish line.
Some Assembly members showed interest in passing such a bill soon. While New York legislators already completed their 2025 session, various privacy bills could return in early 2026. “Hopefully, we'll get to some good legislation to pass this year,” said Science Committee Chair Steven Otis (D) as the hearing concluded. But earlier he said he wanted to learn what was good and bad about other states’ laws. “Here in New York we want to make sure that we do it right.”
“Now is the time to reclaim New Yorkers' rights to autonomy, privacy and data security,” said Chris D’Angelo, chief deputy AG for economic justice. "New York ... is significantly trailing 20 other states in enacting comprehensive privacy legislation." A broader law can build on the foundation of existing kids and health privacy legislation passed by the legislature, he added.
A comprehensive privacy law should contain “clear consumer rights,” including support for universal opt-out preference signals and opt-in consent for sensitive data such as health, genetic, financial and precise geolocation data and for algorithmic personalization, said Karuna Patel, senior counsel of the AG office’s Economic Justice Division.
Patel also called for “mandatory business duties,” including only collecting information that is "strictly necessary" and not retaining it longer than necessary. The AG office should enforce the law and have discretionary rulemaking authority -- and receive more resources from the legislature to do the job, she added.
One person who testified at the hearing, Electronic Frontier Foundation State Affairs Director Hayley Tsukayama, said in an email Friday with Privacy Daily that she is "cautiously hopeful that there’s appetite in New York to continue improving privacy law for everyday people."
"Lawmakers asked good and thoughtful questions throughout the hearing," the EFF official said. "I also appreciated what I thought was a far more balanced set of witnesses -- a mix of advocates, academics, and industry -- [than at] other hearings I’ve seen."