•  Summary 
  •  
  •  Actions 
  •  
  •  Committee Votes 
  •  
  •  Floor Votes 
  •  
  •  Memo 
  •  
  •  Text 
  •  
  •  LFIN 
  •  
  •  Chamber Video/Transcript 

A00711 Summary:

BILL NOA00711
 
SAME ASNo Same As
 
SPONSORRosenthal L
 
COSPNSR
 
MLTSPNSR
 
Add §390-e, Gen Bus L
 
Requires express and affirmative consent prior to collection, storage or transmittal of any personal information obtained from the installation or use of a smart home connected system by certain persons.
Go to top    

A00711 Actions:

BILL NOA00711
 
01/11/2023referred to consumer affairs and protection
01/03/2024referred to consumer affairs and protection
Go to top

A00711 Memo:

NEW YORK STATE ASSEMBLY
MEMORANDUM IN SUPPORT OF LEGISLATION
submitted in accordance with Assembly Rule III, Sec 1(f)
 
BILL NUMBER: A711
 
SPONSOR: Rosenthal L
  TITLE OF BILL: An act to amend the general business law, in relation to collection, storage or transmission of personal information collected from smart home systems   PURPOSE: This bill relates to collection, storage or transmission of personal information collected from smart home systems.   SUMMARY OF SPECIFIC PROVISIONS: Section one amends the general business law by adding a new section 390-d. Section two establishes the effective date.   JUSTIFICATION: Technological advances have revolutionized traditional household appli- ances and operating systems. Smart devices, like smart fridges that monitor their own inventory and thermostats that constantly self-regu- late, rely on artificial intelligence (AI) technology to gather data to integrate seamlessly into the user's life. The products rely on user surveillance to function optimally, but users are often not aware that the data collected can be stored and even sold to third parties. While New Yorkers race forward to embrace new technologies that will no doubt reshape our daily lives, we must also be hyper vigilant of the dangers these devices pose. Without the consent of the consumer, many of these "smart" technologies are constantly collecting data on the behav- ior and patterns of the household they occupy. Unwittingly, consumers are being asked to exchange access to their private lives for new conveniences. This legislation aims to establish a regulatory framework for the collection, storage and transmission of personal information collected on such smart devices. This legislation prohibits any business that manufactures or sells a smart home device or system in New York State from storing or transmitting to a third-party, any personal information obtained from the installation or use of a smart home device or system, without the express and affirmative consent of the consumer. Further, this legislation prohibits any landlord or employer who has installed such a device or system from storing or transmitting any personal data without the tenant or employees express and affirmative consent. This bill will help ensure that while New Yorkers continue to embrace new technologies their privacy is safeguarded.   LEGISLATIVE HISTORY: 2021-22: A.733 - Referred to Consumer Affairs and Protection 2019-20: A.7268 - Referred to Consumer Affairs and Protection   FISCAL IMPLICATIONS: Undetermined.   EFFECTIVE DATE: This act shall take effect immediately.
Go to top

A00711 Text:



 
                STATE OF NEW YORK
        ________________________________________________________________________
 
                                           711
 
                               2023-2024 Regular Sessions
 
                   IN ASSEMBLY
 
                                    January 11, 2023
                                       ___________
 
        Introduced  by  M.  of  A. L. ROSENTHAL -- read once and referred to the
          Committee on Consumer Affairs and Protection
 
        AN ACT to amend the general business law,  in  relation  to  collection,
          storage  or  transmission of personal information collected from smart
          home systems

          The People of the State of New York, represented in Senate and  Assem-
        bly, do enact as follows:
 
     1    Section 1. The general business law is amended by adding a new section
     2  390-e to read as follows:
     3    §  390-e.  Smart home systems. 1. For the purposes of this section the
     4  following terms shall have the following meanings:
     5    (a) "Smart home system" means any device,  or  other  physical  object
     6  that  is  capable of connecting to the internet, directly or indirectly,
     7  and that is assigned an internet protocol address or bluetooth address.
     8    (b) "End user" means a  person  that  ultimately  uses  a  smart  home
     9  connected  system  regardless  of  whether  such  person  installed such
    10  system.
    11    (c) "Personal information"  includes,  but  is  not  limited  to,  the
    12  following:
    13    (i)  identity  information  including,  but not limited to, real name,
    14  alias, nickname, and user name;
    15    (ii) address  information,  including,  but  not  limited  to,  postal
    16  address or e-mail;
    17    (iii) telephone number;
    18    (iv) account name;
    19    (v)  social  security number or other government-issued identification
    20  number, including, but not limited to, social security number,  driver's
    21  license number, identification card number, and passport number;
    22    (vi) birthdate or age;
    23    (vii)  physical characteristic information, including, but not limited
    24  to, height and weight;

         EXPLANATION--Matter in italics (underscored) is new; matter in brackets
                              [ ] is old law to be omitted.
                                                                   LBD00703-01-3

        A. 711                              2
 
     1    (viii) sexual information,  including,  but  not  limited  to,  sexual
     2  orientation, sex, gender status, gender identity, and gender expression;
     3    (ix) race or ethnicity;
     4    (x) religious affiliation or activity;
     5    (xi) political affiliation or activity;
     6    (xii) professional or employment-related information;
     7    (xiii) educational information;
     8    (xiv)  medical  information,  including,  but  not limited to, medical
     9  conditions or drugs, therapies, mental health, or  medical  products  or
    10  equipment used;
    11    (xv)  financial  information,  including,  but not limited to, credit,
    12  debit, or account numbers, account balances, payment history, or  infor-
    13  mation related to assets, liabilities, or general creditworthiness;
    14    (xvi)  commercial  information, including, but not limited to, records
    15  of property, products or services provided, obtained, or considered,  or
    16  other purchasing or consumer histories or tendencies;
    17    (xvii) location information;
    18    (xviii)  internet  or  mobile activity information, including, but not
    19  limited to, internet protocol addresses or  information  concerning  the
    20  access or use of any internet or mobile-based site or service;
    21    (xix) content, including text, photographs, audio or video recordings,
    22  or other material generated by or provided by an end user; and
    23    (xx) any of the above categories of information as they pertain to any
    24  children of an end user.
    25    2.  (a) No business which manufactures or sells a smart home connected
    26  system  shall  collect,  store  or  transmit  any  personal  information
    27  obtained  from  the installation or use of a smart home connected system
    28  to a third-party without the express and affirmative consent of the  end
    29  user of such system.
    30    (b)  No landlord who has installed a smart home connected system on or
    31  in rental property shall collect, store or transmit any personal  infor-
    32  mation  obtained  from  the  installation  or  use  of  such  smart home
    33  connected system without the express  and  affirmative  consent  of  the
    34  tenant of such rental property.
    35    (c)  No employer who has installed a smart home connected system shall
    36  collect, store or transmit any  personal  information  of  any  employee
    37  obtained  from  the  installation  or  use  of such smart home connected
    38  system without the express and affirmative consent of such employee.
    39    § 2. This act shall take effect immediately.
Go to top