NY State Senate Bill 2017-S5576

Senate Bill S5576

2017-2018 Legislative Session

Requires internet service providers to provide customers with a copy of their privacy policy and to obtain written and explicit permission from a customer prior to sharing customer information

download bill text pdf

Archive: Last Bill Status - In Senate Committee Consumer Protection Committee

Introduced
- In Committee Assembly
- In Committee Senate
- On Floor Calendar Assembly
- On Floor Calendar Senate
- Passed Assembly
- Passed Senate
Delivered to Governor
Signed By Governor

Please enter your contact information

First Name

Last Name

Email Address

A valid email address is required.

Home address is used to determine the senate district in which you reside. Your support or opposition to this bill is then shared immediately with the senator who represents you.

Optional services from the NY State Senate:

Create an account. An account allows you to officially support or oppose key legislation, sign petitions with a single click, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Include a custom message for your Senator? (Optional)

Enter a message to your senator. Many New Yorkers use this to share the reasoning behind their support or opposition to the bill. Others might share a personal anecdote about how the bill would affect them or people they care about.

Actions

View Actions

	Assembly Actions - Lowercase Senate Actions - UPPERCASE
Jan 03, 2018	referred to consumer protection
Apr 17, 2017	referred to consumer protection

co-Sponsors

View additional co-sponsors

2017-S5576 (ACTIVE) - Details

See Assembly Version of this Bill:: A7236
Current Committee:: Senate Consumer Protection
Law Section:: General Business Law
Laws Affected:: Add §390-bb, Gen Bus L
Versions Introduced in 2019-2020 Legislative Session:: A3612

2017-S5576 (ACTIVE) - Summary

Requires internet service providers to provide customers with a copy of their privacy policy and to obtain written and explicit permission from a customer prior to sharing, using, selling or providing to a third party any sensitive information of such customer.

2017-S5576 (ACTIVE) - Sponsor Memo

                                 BILL NUMBER:  S5576

 TITLE OF BILL :  An act to amend the general business law, in
relation to requiring internet service providers to provide customers
with a copy of their privacy policy and to obtain written and explicit
permission from a customer prior to sharing, using, selling or
providing to a third party any sensitive information of such customer

 PURPOSE OR GENERAL IDEA OF BILL :

This bill would require internet service providers to obtain consent
from customers prior to using, sharing, or selling a customer's
sensitive information.

 SUMMARY OF PROVISIONS :

Section one of the bill amends the general business law by adding a
new section 390-bb as it relates to requiring internet service
providers (ISPs) to provide customers with a copy of their privacy
policy. In addition, it would require customers to opt-in for ISPs to
use, share or sell their sensitive information and allow customers to
opt-out of use of their non-sensitive or non-identifying information.

Section two of the bill relates to the effective date.

 JUSTIFICATION :

This legislation is in response to the Joint Resolution passed by
Congress and signed into law by President Trump that disapproves of
the Federal Communications Commission's (FCC) rule that was proposed
in October 2016 that would impose opt-in consent requirements on ISPs
for use of customer personal information.

The State should have in place protections for consumers whose
personal information could be sold to third party advertisers and
services. The bill would provide customers with more control and
transparency over how their sensitive personal information is handled
by ISPs.

This bill would require a customer's consent in order to share or use
personal information which would include, browsing history, financial
information, communication content, usage, biographical information
and other data that is specific to an individual consumer. It would
allow customers to opt out of the sharing of non-personal information
that is used by the ISP. The legislation would also require ISPs to
provide a notice to customers on data privacy that includes what data
is collected, how the information is used by the company and if they
sell or share any data with a third party. Finally, it would prevent
ISPs from requiring customers to consent to the use of personal
information as a condition of the service.

 PRIOR LEGISLATIVE HISTORY :

New bill.

 FISCAL IMPLICATIONS FOR STATE AND LOCAL GOVERNMENTS :

None.

 EFFECTIVE DATE :
This act shall take effect on the sixtieth day after it shall have
become law.

2017-S5576 (ACTIVE) - Bill Text download pdf

                            
 
                     S T A T E   O F   N E W   Y O R K
 ________________________________________________________________________
 
                                   5576
 
                        2017-2018 Regular Sessions
 
                             I N  S E N A T E
 
                              April 17, 2017
                                ___________
 
 Introduced  by Sen. CARLUCCI -- read twice and ordered printed, and when
   printed to be committed to the Committee on Consumer Protection
 
 AN ACT to amend the general  business  law,  in  relation  to  requiring
   internet  service  providers to provide customers with a copy of their
   privacy policy and to obtain written and explicit  permission  from  a
   customer  prior  to  sharing,  using,  selling or providing to a third
   party any sensitive information of such customer
 
   THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
 BLY, DO ENACT AS FOLLOWS:
 
   Section 1. The general business law is amended by adding a new section
 390-bb to read as follows:
   §  390-BB.  INTERNET  SERVICE PROVIDERS; CUSTOMER DATA PRIVACY. 1. FOR
 THE PURPOSES OF THIS SECTION THE FOLLOWING TERMS SHALL HAVE THE  FOLLOW-
 ING MEANINGS:
   (A)  "INTERNET SERVICE PROVIDER" MEANS ANY PERSON, BUSINESS, OR ORGAN-
 IZATION WHO IS QUALIFIED TO CONDUCT BUSINESS IN THE STATE THAT  PROVIDES
 INDIVIDUALS, CORPORATIONS, OR OTHER ENTITIES WITH ACCESS TO THE INTERNET
 AS PART OF A SERVICE.
   (B)  "CUSTOMER"  MEANS  ANY PERSON, CORPORATION OR ENTITY WHICH PAYS A
 FEE TO AN INTERNET SERVICE PROVIDER FOR ACCESS TO THE INTERNET  AS  PART
 OF A SERVICE.
   (C) "SENSITIVE INFORMATION" MEANS ANY INFORMATION THAT WHICH CAN IDEN-
 TIFY  THE CUSTOMER OR ANY OTHER INFORMATION THAT IS SPECIFICALLY ATTRIB-
 UTABLE TO SUCH CUSTOMER INCLUDING, BUT  NOT  LIMITED  TO,  FINANCIAL  OR
 MEDICAL  DATA, BIOGRAPHICAL INFORMATION, COMMUNICATION CONTENT, BROWSING
 OR WEB HISTORY, OR INTERNET USAGE.
   (D) "NON-SENSITIVE INFORMATION" MEANS INFORMATION COLLECTED  ON  USERS
 THAT IS NOT SPECIFIC TO AN INDIVIDUAL CUSTOMER INCLUDING, BUT NOT LIMIT-
 ED  TO,  AGGREGATED USE, SUBSCRIPTION DATA OR OTHER MACRO LEVEL INFORMA-
 TION.

  EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                       [ ] is old law to be omitted.
                                                            LBD10887-01-7

 S. 5576                             2
 
   2. EACH INTERNET SERVICE PROVIDER SHALL PROVIDE CUSTOMERS WITH A COPY,
 EITHER IN WRITING OR IN ELECTRONIC FORM, OF THEIR  PRIVACY  POLICY  THAT
 SHALL  INCLUDE  ITS  DATA  COLLECTION  AND  USE  PRACTICES,  THIRD PARTY
 RELATIONSHIPS, PURPOSE OF THE DATA COLLECTION AND PROCESS FOR  CUSTOMERS
 TO  EXERCISE CONTROL OVER THEIR INFORMATION AS PROVIDED IN THIS SECTION.
 THE PRIVACY POLICY SHALL BE PROVIDED TO CUSTOMERS UPON ENTERING  INTO  A
 CONTRACT  WITH  THE  INTERNET SERVICE PROVIDER AND SUBSEQUENTLY UPON ANY
 SIGNIFICANT CHANGES MADE TO SUCH POLICY.
   3. AN INTERNET SERVICE PROVIDER  SHALL  OBTAIN  WRITTEN  AND  EXPLICIT
 PERMISSION FROM A CUSTOMER PRIOR TO SHARING, USING, SELLING OR PROVIDING
 TO  A THIRD PARTY ANY SENSITIVE INFORMATION OF SUCH CUSTOMER. THE INTER-
 NET SERVICE PROVIDER SHALL PROVIDE TO THE CUSTOMER A CLEAR AND CONSPICU-
 OUS DESCRIPTION OF THE INTENDED USE OF THEIR INFORMATION, INCLUDING, BUT
 NOT LIMITED TO, TYPE OF INFORMATION THAT MAY BE  DISCLOSED,  PURPOSE  OF
 SUCH  DISCLOSURE,  AND ALL THIRD PARTY ENTITIES THAT MAY BE RECEIVING OR
 USING THE INFORMATION.
   4. A CUSTOMER SHALL HAVE THE OPTION TO REMOVE THEIR  CONSENT  FOR  THE
 USE  OR  DISCLOSURE  OF  NON-SENSITIVE INFORMATION. THE INTERNET SERVICE
 PROVIDER SHALL DEVELOP A PROCESS FOR A CUSTOMER TO EASILY  REMOVE  THEIR
 CONSENT  FOR THE USE OF ANY NON-SENSITIVE INFORMATION. THE PROCESS SHALL
 INCLUDE A DETAILED DESCRIPTION OF THE INTENDED USE OF THEIR INFORMATION,
 INCLUDING,  BUT  NOT  LIMITED  TO,  TYPE  OF  INFORMATION  THAT  MAY  BE
 DISCLOSED, PURPOSE OF SUCH DISCLOSURE, AND ALL THIRD PARTY ENTITIES THAT
 MAY BE RECEIVING OR USING THE INFORMATION.
   5.  AN  INTERNET  SERVICE  PROVIDER  SHALL  NOT, AS A CONDITION OF THE
 SERVICE, REQUIRE CONSENT FROM A CUSTOMER FOR USE OF THEIR  SENSITIVE  OR
 NON-SENSITIVE INFORMATION.
   6.  AN  INTERNET  SERVICE  PROVIDER MAY USE SENSITIVE OR NON-SENSITIVE
 INFORMATION WITHOUT CONSENT FROM THE CUSTOMER  IF  SUCH  INFORMATION  IS
 NECESSARY  IN  PROVIDING THE SERVICE TO THE CUSTOMER, INCLUDING, BUT NOT
 LIMITED TO, BILLING, INSTALLATION, AND SUPPORT.
   7. WHENEVER THERE SHALL BE A VIOLATION OF THIS SECTION, AN APPLICATION
 MAY BE MADE BY THE ATTORNEY GENERAL IN THE NAME OF  THE  PEOPLE  OF  THE
 STATE OF NEW YORK TO A COURT OR JUSTICE HAVING JURISDICTION BY A SPECIAL
 PROCEEDING  TO  ISSUE AN INJUNCTION, AND UPON NOTICE TO THE DEFENDANT OF
 NOT LESS THAN FIVE DAYS, TO ENJOIN AND RESTRAIN THE CONTINUANCE OF  SUCH
 VIOLATION;  AND  IF  IT SHALL APPEAR TO THE SATISFACTION OF THE COURT OR
 JUSTICE THAT THE DEFENDANT HAS,  IN  FACT,  VIOLATED  THIS  SECTION,  AN
 INJUNCTION  MAY  BE  ISSUED  BY  SUCH  COURT  OR  JUSTICE, ENJOINING AND
 RESTRAINING ANY FURTHER VIOLATION,  WITHOUT  REQUIRING  PROOF  THAT  ANY
 PERSON  HAS,  IN  FACT,  BEEN  INJURED  OR  DAMAGED THEREBY. IN ANY SUCH
 PROCEEDING, THE COURT MAY MAKE ALLOWANCES TO  THE  ATTORNEY  GENERAL  AS
 PROVIDED  IN  PARAGRAPH  SIX  OF SUBDIVISION (A) OF SECTION EIGHTY-THREE
 HUNDRED THREE OF THE CIVIL PRACTICE LAW AND RULES, AND  DIRECT  RESTITU-
 TION.  WHENEVER  THE  COURT  SHALL  DETERMINE  THAT  A VIOLATION OF THIS
 SECTION  HAS OCCURRED, THE COURT MAY IMPOSE A CIVIL PENALTY OF NOT  MORE
 THAN FIVE HUNDRED DOLLARS FOR A SINGLE VIOLATION AND NOT MORE THAN FIFTY
 THOUSAND  DOLLARS FOR MULTIPLE VIOLATIONS RESULTING FROM A SINGLE ACT OR
 INCIDENT. IN CONNECTION WITH ANY SUCH PROPOSED APPLICATION, THE ATTORNEY
 GENERAL IS AUTHORIZED TO TAKE PROOF AND  MAKE  A  DETERMINATION  OF  THE
 RELEVANT FACTS AND ISSUE SUBPOENAS IN ACCORDANCE WITH THE CIVIL PRACTICE
 LAW AND RULES.
   §  2.  This  act  shall take effect on the sixtieth day after it shall
 have become a law.

Comments

Open Legislation is a forum for New York State legislation. All comments are subject to review and community moderation is encouraged.

Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity, hate or toxic speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Attempts to intimidate and silence contributors or deliberately deceive the public, including excessive or extraneous posting/posts, or coordinated activity, are prohibited and may result in the temporary or permanent banning of the user. Comment moderation is generally performed Monday through Friday. By contributing or voting you agree to the Terms of Participation and verify you are over 13.

Create an account. An account allows you to sign petitions with a single click, officially support or oppose key legislation, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Senate Bill S5576

Share this bill

Sponsored By

David Carlucci

Archive: Last Bill Status - In Senate Committee Consumer Protection Committee

co-Sponsors

Marisol Alcantara

Jesse Hamilton

Todd Kaminsky

Jose Peralta

2017-S5576 (ACTIVE) - Details

2017-S5576 (ACTIVE) - Summary

2017-S5576 (ACTIVE) - Sponsor Memo

2017-S5576 (ACTIVE) - Bill Text download pdf

Comments