13 January 20234 minute read

Proposed laws would make New York a “surveillance sanctuary”

State privacy bills seek to ban geolocation tracking and geofencing warrants; safeguard genetic, biometric, immigration, and payment data

A coalition of New York lawmakers on January 9, 2023 announced a ten-bill legislative package aimed at limiting government access to and collection of personal data.  Unveiled as part of a campaign termed “Banning Big Brother,” the proposed legislation is intended to help make New York “a surveillance sanctuary state.”

To date, the package consists of the following bills:

  • The Reverse Location and Reverse Keyword Search Prohibition Act would prohibit the search, with or without a warrant, of geolocation and keyword data of a group of people who are under no individual suspicion of having committed a crime, but rather are defined by having been at a given location at a given time or searched particular words, phrases, character strings, or websites.

  • The Stop Online Police Fake Accounts and Keep Everyone Safe Act would prohibit police and other governmental entities from creating fake electronic communication service accounts, or from collecting or using an individual's account information.  It would also establish a private right of action for violations of such provisions.

  • The Unofficial DNA Database Ban would establish a single computerized state DNA identification index maintained by the New York State Division of Criminal Justice Services and prohibit municipalities from maintaining any such index.

  • The Biometrics Ban would prohibit the use of biometric data by any state agency, local agency, division of state police, police agency, police officer, peace officer, or any employee thereof.

  • The Protect Our Privacy Act would prohibit drone surveillance of protests and other events and activities protected by the First Amendment and require a search warrant prior to using a drone for law enforcement purposes.

  • The New York for All Act would prohibit and regulate the discovery and disclosure of immigration status; prohibit police officers, peace officers, school resource officers, probation agencies, state entities, state employees, and municipal corporations from questioning individuals regarding their citizenship or immigration status; and regulate the disclosure of information relating to immigration status.

The four remaining measures have yet to be formally introduced in the state legislature:

  • The Cell Site Simulator Ban (TBA) would reportedly prohibit police and other government officials from using devices (commonly known as Stingrays) that function as or simulate a cell-phone tower to identify, locate, or intercept transmissions from a cell phone for purposes other than providing ordinary commercial mobile services or private mobile services.  It may also establish a private right of action for violations of such prohibition.

  • The OMNY Privacy Act (TBA) would reportedly prohibit public transportation authorities and vendors from disclosing to law enforcement officials and other governmental entities rider information collected and used by One Metro New York (OMNY), New York City’s contactless fare payment system.

  • The DNA Phenotyping Ban (TBA) would reportedly prohibit law enforcement officials from using forensic DNA phenotyping to estimate the biogeographic ancestry and externally visible characteristics (including likely gender, hair color, iris color, and adult height) of the source of human DNA left at a crime scene.

  • The Personal Privacy Protection Law (PPPL) Modernization Act (TBA) would reportedly update PPPL’s provisions governing state agencies’ collection of personal information and individuals’ ability to access and correct such information.

If passed, these legislative proposals would create significant new consumer data privacy and security obligations, as well as consequences for breaching those obligations, for companies doing business in New York.

To find out more about these proposals, please contact the author and/or our data privacy team via PrivacyGroup@dlapiper.com.

Print