New York State recently passed the New York Child Data Protection Act (Act), a comprehensive data privacy law that regulates personal information about covered users under 18. New York joins several other states, such as Connecticut and Maryland, which recently passed legislation around minor data. However, the Empire State stands out as it seemingly blends frameworks found under the federal Children’s Online Privacy Protection Act (COPPA) and state omnibus privacy laws to the address minor data.

Who Is Subject to the Law?

Idara Udofia, partner at Reed Smith. Courtesy Photo

The Act applies to an “operator,” which is generally defined as a person who operates or provides a website, online service or application, mobile app or connected device, and collects personal information, either directly or indirectly, from users located in New York, where the operator has actual knowledge that the user is under 18 or the technology is “primarily directed to minors.” “Primarily directed to minors” may suggest the technology must generally be directed to individuals under 18, however, the phrase is defined as “a website, online service, online application, mobile application, or connected device, or a portion thereof, that is targeted to minors.”

Larisa Gamberg, associate at Reed Smith. Courtesy Photo