The most recent New York state legislative session was active, seeing, for example, such sweeping bills approved as the legalization of recreational cannabis use and parole reform. It was also a busy session in relation to data protection, understood as the intersection of privacy and security of personal data. Specifically, in the 2021 session, the New York legislature considered no fewer than four major data protection proposals, including an analog to the California Consumer Privacy Act, an analog to the Illinois Biometric Information Privacy Act, and the Governor’s New York Data Accountability and Transparency Act budget proposal, which encompassed a number of privacy related reforms and a consumer data privacy “bill of rights.”

Of greatest interest, from an innovation standpoint, was the New York Privacy Act (NYPA), S.6701/A.680-A, which had returned from the previous session, albeit in updated form. NYPA, which had previously not made it out of committee, advanced out of the consumer protection committee in a matter of days and proceeded to its third reading on May 24, 2021. After the third reading, NYPA could have proceeded to a vote. It failed to make the Senate floor calendar in the flurry of session-end activity in early June, however, and has been committed to rules, which means it will likely return to the consumer protection committee, when the next session begins on Jan. 4, 2022. A companion bill was introduced in the Assembly, but it did not move this session.