In May 2025, New York State Governor Hochul signed Part X of New York’s annual budget, titled, “Personalized Pricing Transparency and Anti-Discrimination.” Part X, which took effect on July 8, 2025, sets disclosure requirements for the use of algorithmic pricing and prohibits the use of certain consumer data to set prices.Continue Reading New York Requires Disclosures for Personalized Pricing
Artificial intelligence (AI) companion apps have been in the news, with Commissioner Melissa Holyoak of the Federal Trade Commission calling for a study on AI companions earlier this month, and lawmakers at the state and federal level voicing concerns about the technologies. In response, New York has enacted the first law requiring safeguards for AI companions. Scheduled to come into effect on November 5, 2025, the law requires operators of AI companions to implement safety measures to detect and address users’ expression of suicidal ideation or self-harm and to regularly disclose to users that they are not communicating with a human. Here are some answers to the key questions about the law:Continue Reading New York Passes Novel Law Requiring Safeguards for AI Companions
On June 7, 2023, the New York legislature passed the Stop Addictive Feeds Exploitation (SAFE) for Kids Act (SAFE Act or the Act) and the New York Child Data Protection Act (CDPA), both aimed at protecting children online. The SAFE Act prohibits covered social media companies from providing individuals under 18 (minors) with “addictive feeds” (as defined in the SAFE Act) and overnight notifications, absent parental consent. The CDPA is intended to complement the SAFE Act by limiting the extent to which providers of internet websites, online and mobile applications, and connected devices (service) can collect, use, share, and sell minors’ personal data. If signed into law by Governor Hochul, the SAFE Act and CDPA would create new, onerous requirements for entities doing business in New York. The key provisions of each act are highlighted below.Continue Reading New York Legislature Passes a Pair of Bills to Protect Children’s Privacy Online
On March 1, 2017, new cybersecurity rules went into effect for entities regulated by the New York State Department of Financial Services (DFS). The Cybersecurity Requirements for Financial Services Companies are designed to help protect business and customer information and the IT systems of the entities that DFS regulates. While the Cybersecurity Requirements took effect on March 1, regulated entities have 180 days to comply. The final requirements are available here.
Who Is Regulated?
The Cybersecurity Requirements apply to companies “operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the banking law, the insurance law or the financial services law” (“covered entities”). Covered entities include banks, savings and loans, trust companies, check cashers, credit unions, money transmitters, lenders, insurers, holding companies, investment companies, mortgage brokers, originators, and servicers, and certain other regulated types of companies doing business in New York. Smaller covered entities are exempt from certain components of the Cybersecurity Requirements, but they are required to file an exemption form with DFS.
Continue Reading New Cybersecurity Rules Now in Effect for Entities Regulated by New York State Department of Financial Services