A new NY privacy act could change the game of data protection

A few months ago, on December 6th, we reported in the site about a new proposed bill called the “Consumer Data Protection Act”. This bill is supposed to mirror the European GDPR, and at the time we assumed this indicated a new trend of privacy-keeping bills. This assumption was correct, as more states in the US pass consumer privacy bills that will provide a better protection of data.

One of these bills in the California bill that passed unanimously in June 2018. The law (CCPA) will go into effect on January 1st, 2020, and it allows Californians the right to see what information businesses collect on them, request that this data will be deleted, etc.

The CCPA is often compared to the GDPR, but there are some distinctions. For example, the CCPA does not require businesses to have a “legal basis” for collection and use of personal information. The CCPA also does not restrict the transfer of personal information outside the US. In addition, California residents’ right to access personal information is limited to data collected in the past 12 months.

In some cases, the CCPA provides a better protection of information. The CCPA’s definition of personal information specifically includes household information, a specification not included in the GDPR. CCPA also grants individuals a right to opt out of the sale of their personal information.

While the CCPA is the most extreme privacy law so for in the US, a new law, the New York Privacy Act (NYPA), is considered to be an even more robust version. Like its counterpart, the NYPA would allow consumers to have better control on their personal data, and impose duties on the businesses that control and process such data. However, there are significant differences between the two.

While the Californian law, only applies to businesses with a threshold of $25 million annual revenue, the NYPA had a much broader influence and applies to “legal entities that conduct business in New York” or that produce products or services that “intentionally target” New York residents. Besides that, the NYPA also includes a right to rectification, a right that doesn’t appear in the CCPA. Another difference, which might be the most important change, is the fact the New York State Attorney General may bring an action in the name of the state or the residents of the state (a private right of action is still available), while the CCPA only allows for a private right of action in very limited circumstances.

While the bill is still in it’s early stages, it’s safe to say that the importance of consumer’s data protection gained a much more important role in the US than in the past.

Leave a Reply