United States of America: Introduced New York Child Data Privacy and Protection Act (S 3281) in Senate

On 30 January 2023, the New York Child Data Privacy and Protection Act (S 3281) was introduced in the State Senate of New York. The purpose of the Act is to prevent the exploitation of data of children under the age of 18 years old. First, the Act would require data controllers to assess the impact of digital products on children, which must be submitted to the bureau of internet and technology, which determines whether the product can be offered to the public. In addition, the bureau would be required to create a plan to reduce or eliminate risks before publishing the products. Secondly, the Bill would ban certain data sets and targeted advertisements, holding that children may not be targeted unless there is prior consent from parents or legal guardians and it is demonstrated that the targeting is in the child's best interest. Thirdly, all parties offering products online would be required to create a feature that warns children, in a way that makes it easy for them to understand, that their data is being collected. In this regard, the bureau would be granted the power to ban any measure to increase children's engagement in the use of online products. The bureau would also be required to conduct a public awareness campaign and provide biannual reports. In case of non-compliance, entities would face civil penalties of up to USD 20'000 per violation and a maximum of USD 250 million.