Privacy & Information Security Law Blog

On December 21, 2024, New York Governor Kathy Hochul signed a flurry of privacy and social media bills, including:

• Senate Bill 895B requires social media platforms that operate in New York to clearly post terms of service (“ToS”), including contact information for users to ask questions about the ToS, the process for flagging content that users believe violates the ToS, and a list of potential actions the social media platform may take against a user or content. The New York Attorney General has authority to enforce the act and may subject violators to penalties of up to $15,000 per day. The act takes effect 180 days after becoming law.
• Senate Bill 5703B prohibits the use of social media platforms for debt collection. The act, which took effect immediately upon becoming law, defines a “social media platform” as a “public or semi-public internet-based service or application that has users in New York state” that meets the following criteria:
  • a substantial function of the service or application is to connect users in order to allow users to interact socially with each other within the service or application. A service or application that provides e-mail or direct messaging services shall not be considered to meet this criterion on the basis of that function alone; and
  • the service or application allows individuals to: (i) construct a public or semi-public profile for purposes of signing up and using the service or application; (ii) create a list of other users with whom they share a connection within the system; and (iii) create or post content viewable or audible by other users, including, but not limited to, livestreams, on message boards, in chat rooms, or through a landing page or main feed that presents the user with content generated by other users.
• Senate Bill 2376B amends relevant laws to add medical and health insurance information to the definitions of identity theft. The act defines “medical information” to mean any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional. The act defines “health insurance information” to mean an individual’s health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual or any information in an individual’s application and claims history, including, but not limited to, appeals history.  The act takes effect 90 days after becoming law.
• Senate Bill 1759B, which takes effect 60 days after becoming law, requires online dating services to disclose certain information of banned members of the online dating services to New York members of the services who previously received and responded to an on-site message from the banned members. The disclosure must include:
  • the user name, identification number, or other profile identifier of the banned member;
  • the fact that the banned member was banned because, in the judgment of the online dating service, the banned member may have been using a false identity or may pose a significant risk of attempting to obtain money from other members through fraudulent means;
  • that a member should never send money or personal financial information to another member; and
  • a hyperlink to online information that clearly and conspicuously addresses the subject of how to avoid being defrauded by another member of an online dating service.