Bill Text: NY A05152 | 2009-2010 | General Assembly | Introduced

Bill Title: An act to amend the general business law, in relation to protecting the privacy of internet users

Spectrum: Partisan Bill (Democrat 30-0)

Status: (Introduced - Dead) 2010-01-06 - referred to consumer affairs and protection [A05152 Detail]

Download: New_York-2009-A05152-Introduced.html
                           S T A T E   O F   N E W   Y O R K
       ________________________________________________________________________
                                         5152
                              2009-2010 Regular Sessions
                                 I N  A S S E M B L Y
                                   February 10, 2009
                                      ___________
       Introduced by M. of A. BRENNAN, PHEFFER, PARMENT, DINOWITZ, JOHN, PERRY,
         JAFFEE  --  Multi-Sponsored  by  --  M. of A. BOYLAND, CAHILL, COLTON,
         COOK, DelMONTE, DESTITO, FIELDS, GABRYSZAK, GALEF, GOTTFRIED,  HIKIND,
         JACOBS,   LUPARDO,   MARKEY,   MAYERSOHN,  McENENY,  MILLMAN,  REILLY,
         N. RIVERA, SWEENEY, TITONE, TOWNS, WRIGHT -- read once and referred to
         the Committee on Consumer Affairs and Protection
       AN ACT to amend the general business law, in relation to protecting  the
         privacy of internet users
         THE  PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM-
       BLY, DO ENACT AS FOLLOWS:
    1    Section 1. Short title. This act shall be known and may  be  cited  as
    2  "New York state internet privacy law".
    3    S 2. Legislative intent. 1. The legislature finds that the internet is
    4  becoming a major part of the personal and commercial lives of Americans.
    5  The  internet brings with it much good, such as increased personal know-
    6  ledge and communications, and increased and  more  efficient  commercial
    7  opportunities.
    8    2. The privacy of personal information flowing over the internet is of
    9  concern.  Vast amounts of personal information about individual internet
   10  users are collected on the internet and sold or otherwise transferred to
   11  third parties. Polls consistently show that  individual  internet  users
   12  are  highly  troubled  over  their  lack  of control over their personal
   13  information. In fact, concern  over  personal  privacy  is  one  of  the
   14  biggest  factors holding back even greater commercial development of the
   15  internet.
   16    3. The right to privacy is a personal and fundamental right worthy  of
   17  protection  through  appropriate  legislation.    Industry has developed
   18  several self-policing schemes, but none of them  are  enforceable  in  a
   19  meaningful  way.    Meaningful, enforceable internet privacy rules would
   20  protect New York citizens and would  foster  the  growth  of  electronic
   21  commerce in New York.
        EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                             [ ] is old law to be omitted.
                                                                  LBD02645-01-9
       A. 5152                             2
    1    4.  The legislature intends to establish strong privacy rules to which
    2  an operator of a website or online service  may  voluntarily  choose  to
    3  submit.    The  incentive for the operator to submit will be that it may
    4  publicize that it complies with the New York state internet privacy law.
    5  Any  operator  who  does  so  advertise may be subject to an enforcement
    6  action.
    7    S 3. Article 40 and sections 900 and 901 of the general business  law,
    8  as renumbered by chapter 407 of the laws of 1973, are renumbered article
    9  41  and  sections 1000 and 1001 and a new article 40 is added to read as
   10  follows:
   11                                  ARTICLE 40
   12                     NEW YORK STATE INTERNET PRIVACY LAW
   13  SECTION 900. DEFINITIONS.
   14          901. APPLICABILITY OF ARTICLE.
   15          902. DISCLOSURE OF PERSONAL INFORMATION.
   16          903. THIRD PARTIES.
   17          904. USER'S RIGHT TO INSPECT AND CORRECT INFORMATION.
   18          905. DURATION OF OPERATOR'S RESPONSIBILITY.
   19          906. ENFORCEMENT.
   20          907. SEPARABILITY CLAUSE.
   21    S 900. DEFINITIONS. AS USED IN THIS ARTICLE:
   22    1. THE TERM "INTERNET" MEANS COLLECTIVELY THE MYRIAD OF  COMPUTER  AND
   23  TELECOMMUNICATIONS  FACILITIES,  INCLUDING EQUIPMENT AND OPERATING SOFT-
   24  WARE, WHICH COMPRISE THE INTERCONNECTED WORLD-WIDE NETWORK  OF  NETWORKS
   25  THAT  EMPLOY THE TRANSMISSION CONTROL PROTOCOL/INTERNET PROTOCOL, OR ANY
   26  PREDECESSOR OR SUCCESSOR PROTOCOLS  TO  SUCH  PROTOCOL,  TO  COMMUNICATE
   27  INFORMATION OF ALL KINDS BY WIRE OR RADIO.
   28    2. THE TERM "OPERATOR" MEANS ANY PERSON WHO OPERATES A WEBSITE LOCATED
   29  ON  THE  INTERNET  OR  AN  ONLINE  SERVICE AND WHO COLLECTS OR MAINTAINS
   30  PERSONAL INFORMATION FROM OR ABOUT THE USERS  OF  OR  VISITORS  TO  SUCH
   31  WEBSITE  OR  ONLINE  SERVICE,  OR  ON  WHOSE  BEHALF SUCH INFORMATION IS
   32  COLLECTED OR MAINTAINED, WHERE SUCH WEBSITE OR ONLINE SERVICE  IS  OPER-
   33  ATED  FOR COMMERCIAL PURPOSES, INCLUDING ANY PERSON OFFERING PRODUCTS OR
   34  SERVICES FOR SALE THROUGH THAT  WEBSITE  OR  ONLINE  SERVICE,  INVOLVING
   35  COMMERCE.
   36    3. THE TERM "USER" MEANS A PERSON WHO USES AN ONLINE SERVICE OR VISITS
   37  A WEBSITE.
   38    4.  THE  TERM  "PERSONAL  INFORMATION" MEANS INDIVIDUALLY IDENTIFIABLE
   39  INFORMATION ABOUT AN INDIVIDUAL COLLECTED ONLINE, INCLUDING:
   40    (A) A FIRST AND LAST NAME;
   41    (B) A HOME OR OTHER PHYSICAL ADDRESS INCLUDING STREET NAME AND NAME OF
   42  A CITY OR TOWN;
   43    (C) AN E-MAIL ADDRESS;
   44    (D) A TELEPHONE NUMBER;
   45    (E) A SOCIAL SECURITY NUMBER;
   46    (F) ANY OTHER IDENTIFIER THAT PERMITS THE PHYSICAL OR ONLINE  CONTACT-
   47  ING OF A SPECIFIC INDIVIDUAL; OR
   48    (G)  INFORMATION  CONCERNING A CHILD OR THE PARENTS OF THAT CHILD THAT
   49  THE OPERATOR COLLECTS ONLINE FROM THE CHILD AND  COMBINES  WITH  ANOTHER
   50  IDENTIFIER SET FORTH IN THIS SUBDIVISION.
   51    5. THE TERM "DISCLOSURE" MEANS, WITH RESPECT TO PERSONAL INFORMATION:
   52    (A) THE RELEASE OF PERSONAL INFORMATION COLLECTED IN IDENTIFIABLE FORM
   53  BY  AN  OPERATOR  FOR  ANY  PURPOSE,  EXCEPT  WHERE  SUCH INFORMATION IS
   54  PROVIDED TO A PERSON OTHER THAN THE OPERATOR WHO  PROVIDES  SUPPORT  FOR
   55  THE INTERNAL OPERATIONS OF THE WEBSITE AND DOES NOT DISCLOSE OR USE THAT
   56  INFORMATION FOR ANY OTHER PURPOSE; AND
       A. 5152                             3
    1    (B) MAKING PERSONAL INFORMATION COLLECTED FROM A CHILD BY A WEBSITE OR
    2  ONLINE  SERVICE  DIRECTED TO CHILDREN OR WITH ACTUAL KNOWLEDGE THAT SUCH
    3  INFORMATION WAS COLLECTED FROM A CHILD, PUBLICLY AVAILABLE IN  IDENTIFI-
    4  ABLE  FORM,  BY  ANY  MEANS  INCLUDING  BY A PUBLIC POSTING, THROUGH THE
    5  INTERNET, OR THROUGH:
    6    (I) A HOME PAGE OF A WEBSITE;
    7    (II) A PEN PAL SERVICE;
    8    (III) AN ELECTRONIC MAIL SERVICE;
    9    (IV) A MESSAGE BOARD; OR
   10    (V) A CHAT ROOM.
   11    6.  THE  TERM  "THIRD PARTY" MEANS A PERSON OTHER THAN THE USER OR THE
   12  OPERATOR, OR AN EMPLOYEE OF THE OPERATOR.
   13    S 901. APPLICABILITY OF ARTICLE. AN OPERATOR IS SUBJECT TO THIS  ARTI-
   14  CLE  IF IT ADVERTISES OR OTHERWISE PUBLICLY STATES THAT IT COMPLIES WITH
   15  THE "NEW YORK STATE INTERNET PRIVACY LAW".
   16    S 902. DISCLOSURE OF PERSONAL INFORMATION. 1. AN  OPERATOR  SHALL  NOT
   17  DISCLOSE  TO  A  THIRD  PARTY  ANY  PERSONALLY  IDENTIFIABLE INFORMATION
   18  OBTAINED FROM A USER WITHOUT  THE  USER'S  PRIOR  INFORMED,  AFFIRMATIVE
   19  WRITTEN CONSENT.
   20    2.  INFORMED CONSENT REQUIRES THAT THE OPERATOR NOTIFY THE USER OF THE
   21  IDENTITY OF ANY THIRD PARTY WHICH  WILL  RECEIVE  HIS  OR  HER  PERSONAL
   22  INFORMATION, AND FOR WHAT PURPOSE THE INFORMATION WILL BE USED.
   23    3. INFORMED WRITTEN CONSENT MAY BE OBTAINED ONLY UPON NOTICE TO A USER
   24  OF  HIS  OR  HER  RIGHTS UNDER THIS LAW. SUCH NOTICE MUST BE IN WRITING,
   25  CLEAR AND CONSPICUOUS, AND IN PLAIN ENGLISH.
   26    4. AN OPERATOR SHALL PERMIT A PERSON TO  REVOKE  THE  CONSENT  GRANTED
   27  UNDER SUBDIVISION ONE OF THIS SECTION AT ANY TIME, AND UPON SUCH REVOCA-
   28  TION,  SUCH  OPERATOR SHALL CEASE DISCLOSING SUCH INFORMATION TO A THIRD
   29  PARTY.
   30    5. AN OPERATOR OR AN EMPLOYEE OF SUCH  OPERATOR  SHALL  NOT  KNOWINGLY
   31  DISCLOSE  TO  A  THIRD  PARTY  ANY  PERSONALLY  IDENTIFIABLE INFORMATION
   32  PROVIDED BY A SUBSCRIBER TO SUCH SERVICE  THAT  SUCH  SERVICE,  OR  SUCH
   33  EMPLOYEE, HAS KNOWINGLY FALSIFIED.
   34    6.  NOTWITHSTANDING THE PROVISIONS OF SUBDIVISION ONE OF THIS SECTION,
   35  NEITHER AN OPERATOR NOR THE OPERATOR'S AGENT SHALL BE HELD TO BE  LIABLE
   36  FOR  ANY  DISCLOSURE  MADE IN GOOD FAITH AND FOLLOWING REASONABLE PROCE-
   37  DURES IN RESPONDING TO A REQUEST FOR DISCLOSURE OF PERSONAL  INFORMATION
   38  UNDER THE FEDERAL CHILDREN'S ONLINE PRIVACY PROTECTION ACT TO THE PARENT
   39  OF A CHILD.
   40    7.  NOTWITHSTANDING THE PROVISIONS OF SUBDIVISION ONE OF THIS SECTION,
   41  AN OPERATOR MAY DISCLOSE PERSONAL INFORMATION,  WITHOUT  NOTICE  TO  THE
   42  USER,  WHEN  NECESSARY  TO  RESPOND TO A COURT ORDER, SUBPOENA, OR OTHER
   43  LEGAL PROCESS.
   44    S 903. THIRD PARTIES. 1. PRIOR TO DISCLOSING PERSONAL INFORMATION TO A
   45  THIRD PARTY, AN OPERATOR SHALL INFORM THE THIRD PARTY OF THE  PROVISIONS
   46  OF THIS ARTICLE, AND OBTAIN FROM THE THIRD PARTY A WRITTEN CERTIFICATION
   47  THAT THE THIRD PARTY WILL COMPLY WITH THIS ARTICLE.
   48    2.  A THIRD PARTY WHICH RECEIVES PERSONAL INFORMATION PURSUANT TO THIS
   49  ARTICLE MAY USE SUCH INFORMATION ONLY FOR THE PURPOSE OF WHICH THE  USER
   50  HAS BEEN NOTIFIED.
   51    S  904.  USER'S  RIGHT  TO  INSPECT  AND  CORRECT INFORMATION. 1. UPON
   52  REQUEST AN OPERATOR SHALL (A) PROVIDE A PERSON WITH HIS OR HER  PERSONAL
   53  INFORMATION  MAINTAINED  BY  THE OPERATOR; (B) PERMIT THE USER TO VERIFY
   54  SUCH INFORMATION MAINTAINED BY THE SERVICE; AND (C) PERMIT THE  USER  TO
   55  CORRECT ANY ERROR IN SUCH INFORMATION.
       A. 5152                             4
    1    2. UPON REQUEST, AN OPERATOR SHALL PROVIDE TO THE USER THE IDENTITY OF
    2  THE THIRD PARTY RECIPIENTS OF HIS OF HER PERSONAL INFORMATION.
    3    3.  AN  OPERATOR  SHALL NOT CHARGE A FEE FOR ONE ANNUAL REQUEST THAT A
    4  PERSON MAKES FOR THE INFORMATION SET FORTH IN SUBDIVISION FOUR  OR  FIVE
    5  OF  SECTION  NINE  HUNDRED  OF THIS ARTICLE. FOR ADDITIONAL REQUESTS, AN
    6  OPERATOR MAY CHARGE A FEE CONSISTING OF THE OPERATOR'S  ACTUAL  COST  OF
    7  PROVIDING  THE  INFORMATION.  AN OPERATOR SHALL PROVIDE AN ABILITY FOR A
    8  USER TO ELECTRONICALLY REQUEST AND RECEIVE THE INFORMATION SET FORTH  IN
    9  THIS SECTION.
   10    S 905. DURATION OF OPERATOR'S RESPONSIBILITY. ANY PERSONAL INFORMATION
   11  WHICH  AN  OPERATOR  OBTAINS  WITHIN  THIRTY DAYS OF THE OPERATOR'S LAST
   12  ADVERTISEMENT OR PUBLIC STATEMENT PURSUANT TO SECTION NINE  HUNDRED  ONE
   13  OF THIS ARTICLE SHALL BE SUBJECT TO THIS ARTICLE.
   14    S 906. ENFORCEMENT. 1. ANY PERSON FOUND TO HAVE VIOLATED THIS ARTICLE,
   15  KNOWINGLY  OR  RECKLESSLY, SHALL BE LIABLE TO THE AGGRIEVED USER FOR ALL
   16  ACTUAL DAMAGES SUSTAINED  BY  SUCH  USER  AS  A  DIRECT  RESULT  OF  THE
   17  VIOLATION,  PROVIDED  THAT  ANY SUBSCRIBER WHO PREVAILS OR SUBSTANTIALLY
   18  PREVAILS IN ANY ACTION BROUGHT UNDER THIS SECTION SHALL RECEIVE NOT LESS
   19  THAN FIVE HUNDRED DOLLARS IN DAMAGES, REGARDLESS OF THE AMOUNT OF ACTUAL
   20  DAMAGE PROVED, PLUS COSTS, DISBURSEMENTS AND REASONABLE ATTORNEY'S FEES.
   21  AN ACTION BROUGHT PURSUANT TO THIS SECTION MAY BE MAINTAINED AS A  CLASS
   22  ACTION.
   23    2. WHENEVER THERE SHALL BE A VIOLATION OF THIS ARTICLE, AN APPLICATION
   24  MAY  BE  MADE  BY  THE ATTORNEY GENERAL IN THE NAME OF THE PEOPLE OF THE
   25  STATE OF NEW YORK TO A COURT OR JUSTICE HAVING JURISDICTION BY A SPECIAL
   26  PROCEEDING TO ISSUE AN INJUNCTION, AND UPON NOTICE TO THE  DEFENDANT  OF
   27  NOT LESS THAN FIVE DAYS, TO ENJOIN AND RESTRAIN THE CONTINUATION OF SUCH
   28  VIOLATION;  AND  IF  IT SHALL APPEAR TO THE SATISFACTION OF THE COURT OR
   29  JUSTICE THAT THE DEFENDANT HAS,  IN  FACT,  VIOLATED  THIS  ARTICLE,  AN
   30  INJUNCTION  MAY  BE  ISSUED  BY  SUCH  COURT  OR  JUSTICE, ENJOINING AND
   31  RESTRAINING ANY FURTHER VIOLATION,  WITHOUT  REQUIRING  PROOF  THAT  ANY
   32  PERSON  HAS,  IN  FACT,  BEEN  INJURED  OR  DAMAGED THEREBY. IN ANY SUCH
   33  PROCEEDING, THE COURT MAY MAKE ALLOWANCES TO  THE  ATTORNEY  GENERAL  AS
   34  PROVIDED  IN  PARAGRAPH  SIX  OF SUBDIVISION (A) OF SECTION EIGHTY-THREE
   35  HUNDRED THREE OF THE CIVIL PRACTICE LAW AND RULES  AND  DIRECT  RESTITU-
   36  TION.  WHENEVER  THE  COURT  SHALL  DETERMINE  THAT  A GROSSLY NEGLIGENT
   37  VIOLATION OF THIS ARTICLE HAS OCCURRED, THE COURT  MAY  IMPOSE  A  CIVIL
   38  PENALTY  OF  NOT  MORE  THAN ONE THOUSAND DOLLARS FOR SUCH VIOLATION. IN
   39  CONNECTION WITH ANY SUCH PROPOSED APPLICATION, THE ATTORNEY  GENERAL  IS
   40  AUTHORIZED  TO TAKE PROOF AND MAKE A DETERMINATION OF THE RELEVANT FACTS
   41  AND TO ISSUE SUBPOENAS IN ACCORDANCE WITH THE  CIVIL  PRACTICE  LAW  AND
   42  RULES.
   43    3.  THE  REMEDIES PROVIDED BY THIS ARTICLE SHALL BE IN ADDITION TO ANY
   44  OTHER LAWFUL REMEDY AVAILABLE TO A SUBSCRIBER.
   45    4. NO ACTION MAY BE BROUGHT  UNDER  THE  PROVISIONS  OF  THIS  SECTION
   46  UNLESS  SUCH  ACTION  IS COMMENCED WITHIN THE TWO YEARS FROM THE DATE OF
   47  THE ACT COMPLAINED OF OR THE DATE OF DISCOVERY OF SUCH ACT.
   48    S 907. SEPARABILITY CLAUSE. IF ANY CLAUSE, PARAGRAPH, SECTION OR  PART
   49  OF THIS ARTICLE SHALL BE ADJUDGED BY ANY COURT OF COMPETENT JURISDICTION
   50  TO  BE  INVALID  OR  UNCONSTITUTIONAL,  SUCH  JUDGMENT SHALL NOT AFFECT,
   51  IMPAIR OR INVALIDATE THE REMAINDER THEREOF, BUT SHALL BE CONFINED IN ITS
   52  OPERATION TO THE CLAUSE, SENTENCE, PARAGRAPH, SECTION  OR  PART  THEREOF
   53  DIRECTLY  INVOLVED  IN THE CONTROVERSY IN WHICH SUCH JUDGMENT SHALL HAVE
   54  BEEN RENDERED.
   55    S 4. This act shall take effect on the one hundred eightieth day after
   56  it shall have become a law.

LegiScan Search

View Top 50 Searches

Select area of search.
Find an exact bill number.
Search bill text and data. [help]
Reset

LegiScan Trends

View Top 50 National

TX HB1062 Relating to purchasing gold and silver bullion for this state to hold in...
US HB10041 LITTLE Act of 2024 Lowering Infant and Toddler Tuition for Learning and...
US HB10060 Medicare Breast Reconstruction Access and Information Act
NJ S3890 Requires public institution of higher education to provide students with...
US HB10154 Ballot Box Protection Act
US HB10072 Long-Term Care Transparency Act
US HB10038 To direct the Secretary of Veterans Affairs to conduct a pilot program...
PA HB2381 In powers and duties, providing for temporary rulemaking authority.
US HB10070 COAST Act Creating Opportunities to Advance Shoreline Treatments Act
US HB10159 Affordable Loans for Students Act
feedback