Bill Text: NY A07268 | 2019-2020 | General Assembly | Introduced

New York Assembly Bill 7268 (Prior Session Legislation)

Introduced

Bill Title: Requires express and affirmative consent prior to collection, storage or transmittal of any personal information obtained from the installation or use of a smart home connected system by certain persons.

Spectrum: Partisan Bill (Democrat 1-0)

Status: (Introduced - Dead) 2020-01-08 - referred to consumer affairs and protection [A07268 Detail]

Download: New_York-2019-A07268-Introduced.html

                STATE OF NEW YORK
        ________________________________________________________________________
                                          7268
                               2019-2020 Regular Sessions
                   IN ASSEMBLY
                                     April 18, 2019
                                       ___________
        Introduced  by  M.  of  A. L. ROSENTHAL -- read once and referred to the
          Committee on Consumer Affairs and Protection
        AN ACT to amend the general business law,  in  relation  to  collection,
          storage  or  transmission of personal information collected from smart
          home systems
          The People of the State of New York, represented in Senate and  Assem-
        bly, do enact as follows:
     1    Section 1. The general business law is amended by adding a new section
     2  390-d to read as follows:
     3    §  390-d.  Smart home systems. 1. For the purposes of this section the
     4  following terms shall have the following meanings:
     5    (a) "Smart home system" means any device,  or  other  physical  object
     6  that  is  capable of connecting to the internet, directly or indirectly,
     7  and that is assigned an internet protocol address or bluetooth address.
     8    (b) "End user" means a  person  that  ultimately  uses  a  smart  home
     9  connected  system  regardless  of  whether  such  person  installed such
    10  system.
    11    (c) "Personal information"  includes,  but  is  not  limited  to,  the
    12  following:
    13    (i)  identity  information  including,  but not limited to, real name,
    14  alias, nickname, and user name;
    15    (ii) address  information,  including,  but  not  limited  to,  postal
    16  address or e-mail;
    17    (iii) telephone number;
    18    (iv) account name;
    19    (v)  social  security number or other government-issued identification
    20  number, including, but not limited to, social security number,  driver's
    21  license number, identification card number, and passport number;
    22    (vi) birthdate or age;
    23    (vii)  physical characteristic information, including, but not limited
    24  to, height and weight;
         EXPLANATION--Matter in italics (underscored) is new; matter in brackets
                              [ ] is old law to be omitted.
                                                                   LBD10974-01-9

        A. 7268                             2
     1    (viii) sexual information,  including,  but  not  limited  to,  sexual
     2  orientation, sex, gender status, gender identity, and gender expression;
     3    (ix) race or ethnicity;
     4    (x) religious affiliation or activity;
     5    (xi) political affiliation or activity;
     6    (xii) professional or employment-related information;
     7    (xiii) educational information;
     8    (xiv)  medical  information,  including,  but  not limited to, medical
     9  conditions or drugs, therapies, mental health, or  medical  products  or
    10  equipment used;
    11    (xv)  financial  information,  including,  but not limited to, credit,
    12  debit, or account numbers, account balances, payment history, or  infor-
    13  mation related to assets, liabilities, or general creditworthiness;
    14    (xvi)  commercial  information, including, but not limited to, records
    15  of property, products or services provided, obtained, or considered,  or
    16  other purchasing or consumer histories or tendencies;
    17    (xvii) location information;
    18    (xviii)  internet  or  mobile activity information, including, but not
    19  limited to, internet protocol addresses or  information  concerning  the
    20  access or use of any internet or mobile-based site or service;
    21    (xix) content, including text, photographs, audio or video recordings,
    22  or other material generated by or provided by an end user; and
    23    (xx) any of the above categories of information as they pertain to any
    24  children of an end user.
    25    2.  (a) No business which manufactures or sells a smart home connected
    26  system  shall  collect,  store  or  transmit  any  personal  information
    27  obtained  from  the installation or use of a smart home connected system
    28  to a third-party without the express and affirmative consent of the  end
    29  user of such system.
    30    (b)  No landlord who has installed a smart home connected system on or
    31  in rental property shall collect, store or transmit any personal  infor-
    32  mation  obtained  from  the  installation  or  use  of  such  smart home
    33  connected system without the express  and  affirmative  consent  of  the
    34  tenant of such rental property.
    35    (c)  No employer who has installed a smart home connected system shall
    36  collect, store or transmit any  personal  information  of  any  employee
    37  obtained  from  the  installation  or  use  of such smart home connected
    38  system without the express and affirmative consent of such employee.
    39    § 2. This act shall take effect immediately.