•  Summary 
  •  
  •  Actions 
  •  
  •  Committee Votes 
  •  
  •  Floor Votes 
  •  
  •  Memo 
  •  
  •  Text 
  •  
  •  LFIN 
  •  
  •  Chamber Video/Transcript 

A00733 Summary:

BILL NOA00733
 
SAME ASNo Same As
 
SPONSORRosenthal L
 
COSPNSR
 
MLTSPNSR
 
Add §390-d, Gen Bus L
 
Requires express and affirmative consent prior to collection, storage or transmittal of any personal information obtained from the installation or use of a smart home connected system by certain persons.
Go to top    

A00733 Actions:

BILL NOA00733
 
01/06/2021referred to consumer affairs and protection
Go to top

A00733 Memo:

NEW YORK STATE ASSEMBLY
MEMORANDUM IN SUPPORT OF LEGISLATION
submitted in accordance with Assembly Rule III, Sec 1(f)
 
BILL NUMBER: A733
 
SPONSOR: Rosenthal L
  TITLE OF BILL: An act to amend the general business law, in relation to collection, storage or transmission of personal information collected from smart home systems   PURPOSE: This bill relates to collection, storage or transmission of personal information collected from smart home systems.   SUMMARY OF SPECIFIC PROVISIONS: Section one amends the general business law by adding a new section 390-d. Section two establishes the effective date.   JUSTIFICATION: Technological advances have revolutionized traditional household appli- ances and operating systems. Smart devices, like smart fridges that monitor their own inventory and thermostats that constantly self-regu- late, rely on artificial intelligence (AI) technology to gather data to integrate seamlessly into the user's life. The products rely on user surveillance to function optimally, but users are often not aware that the data collected can be stored and even sold to third parties. While New Yorkers race forward to embrace new technologies that will no doubt reshape our daily lives, we must also be hyper vigilant of the dangers these devices pose. Without the consent of the consumer, many of these "smart" technologies are constantly collecting data on the behav- ior and patterns of the household they occupy. Unwittingly, consumers are being asked to exchange access to their private lives for new conveniences. This legislation aims to establish a regulatory framework for the collection, storage and transmission of personal information collected on such smart devices. This legislation prohibits any business that manufactures or sells a smart home device or system in New York State from storing or transmitting to a third-party, any personal information obtained from the installation or use of a smart home device or system, without the express and affirmative consent of the consumer. Further, this legislation prohibits any landlord or employer who has installed such a device or system from storing or transmitting any personal data without the tenant or employees express and affirmative consent. This bill will help ensure that while New Yorkers continue to embrace new technologies their privacy is safeguarded.   LEGISLATIVE HISTORY: 2019-20: A.7268 -Referred to Consumer Affairs and Protection   FISCAL IMPLICATIONS: Undetermined.   EFFECTIVE DATE: This act shall take effect immediately.
Go to top

A00733 Text:



 
                STATE OF NEW YORK
        ________________________________________________________________________
 
                                           733
 
                               2021-2022 Regular Sessions
 
                   IN ASSEMBLY
 
                                       (Prefiled)
 
                                     January 6, 2021
                                       ___________
 
        Introduced  by  M.  of  A. L. ROSENTHAL -- read once and referred to the
          Committee on Consumer Affairs and Protection
 
        AN ACT to amend the general business law,  in  relation  to  collection,
          storage  or  transmission of personal information collected from smart
          home systems

          The People of the State of New York, represented in Senate and  Assem-
        bly, do enact as follows:
 
     1    Section 1. The general business law is amended by adding a new section
     2  390-d to read as follows:
     3    §  390-d.  Smart home systems. 1. For the purposes of this section the
     4  following terms shall have the following meanings:
     5    (a) "Smart home system" means any device,  or  other  physical  object
     6  that  is  capable of connecting to the internet, directly or indirectly,
     7  and that is assigned an internet protocol address or bluetooth address.
     8    (b) "End user" means a  person  that  ultimately  uses  a  smart  home
     9  connected  system  regardless  of  whether  such  person  installed such
    10  system.
    11    (c) "Personal information"  includes,  but  is  not  limited  to,  the
    12  following:
    13    (i)  identity  information  including,  but not limited to, real name,
    14  alias, nickname, and user name;
    15    (ii) address  information,  including,  but  not  limited  to,  postal
    16  address or e-mail;
    17    (iii) telephone number;
    18    (iv) account name;
    19    (v)  social  security number or other government-issued identification
    20  number, including, but not limited to, social security number,  driver's
    21  license number, identification card number, and passport number;
    22    (vi) birthdate or age;
 
         EXPLANATION--Matter in italics (underscored) is new; matter in brackets
                              [ ] is old law to be omitted.
                                                                   LBD00550-01-1

        A. 733                              2
 
     1    (vii)  physical characteristic information, including, but not limited
     2  to, height and weight;
     3    (viii)  sexual  information,  including,  but  not  limited to, sexual
     4  orientation, sex, gender status, gender identity, and gender expression;
     5    (ix) race or ethnicity;
     6    (x) religious affiliation or activity;
     7    (xi) political affiliation or activity;
     8    (xii) professional or employment-related information;
     9    (xiii) educational information;
    10    (xiv) medical information, including,  but  not  limited  to,  medical
    11  conditions  or  drugs,  therapies, mental health, or medical products or
    12  equipment used;
    13    (xv) financial information, including, but  not  limited  to,  credit,
    14  debit,  or account numbers, account balances, payment history, or infor-
    15  mation related to assets, liabilities, or general creditworthiness;
    16    (xvi) commercial information, including, but not limited  to,  records
    17  of  property, products or services provided, obtained, or considered, or
    18  other purchasing or consumer histories or tendencies;
    19    (xvii) location information;
    20    (xviii) internet or mobile activity information,  including,  but  not
    21  limited  to,  internet  protocol addresses or information concerning the
    22  access or use of any internet or mobile-based site or service;
    23    (xix) content, including text, photographs, audio or video recordings,
    24  or other material generated by or provided by an end user; and
    25    (xx) any of the above categories of information as they pertain to any
    26  children of an end user.
    27    2. (a) No business which manufactures or sells a smart home  connected
    28  system  shall  collect,  store  or  transmit  any  personal  information
    29  obtained from the installation or use of a smart home  connected  system
    30  to  a third-party without the express and affirmative consent of the end
    31  user of such system.
    32    (b) No landlord who has installed a smart home connected system on  or
    33  in  rental property shall collect, store or transmit any personal infor-
    34  mation obtained  from  the  installation  or  use  of  such  smart  home
    35  connected  system  without  the  express  and affirmative consent of the
    36  tenant of such rental property.
    37    (c) No employer who has installed a smart home connected system  shall
    38  collect,  store  or  transmit  any  personal information of any employee
    39  obtained from the installation or  use  of  such  smart  home  connected
    40  system without the express and affirmative consent of such employee.
    41    § 2. This act shall take effect immediately.
Go to top