United States of America: Rejected New York Child Data Privacy and Protection Act (S 3281) in Senate

On 21 June 2023, the New York Child Data Privacy and Protection Act (S 3281) was rejected after failing to pass before the legislature adjourned.The purpose of the Act would have been to prevent the exploitation of data of children under the age of 18 years old. First, the Act would have required data controllers to assess the impact of digital products on children, which would have been submitted to the bureau of internet and technology, which would have determined whether the product could have been offered to the public. In addition, the bureau would have been required to create a plan to reduce or eliminate risks before publishing the products. Secondly, the Bill would have banned certain data sets and targeted advertisements, holding that children could not have been targeted unless there was prior consent from parents or legal guardians and it was demonstrated that the targeting was in the child's best interest. Thirdly, all parties offering products online would have been required to create a feature that warned children, in a way that made it easy for them to understand, that their data was being collected. In this regard, the bureau would have been granted the power to ban any measure to increase children's engagement in the use of online products. The bureau would have also been required to conduct a public awareness campaign and provide biannual reports. In case of non-compliance, entities would have faced civil penalties of up to USD 20'000 per violation and a maximum of USD 250 million.