When stacked up against other areas of the country, New York was among the middle of the pack of a recent analysis that took a state-by-state look at online privacy laws.

Comparitech, a U.K.-based company focused on tech research and privacy, has released its most recent report on Internet privacy laws across different areas of the U.S.

“Laws governing online privacy in the U.S. vary widely from state to state,” Paul Bischoff, a tech writer and privacy advocate with Comparitech, wrote in the report.

Comparitech’s analysis looked into whether each state had laws in 22 specific criteria, including such emerging technologies as artificial intelligence and data linked to the “internet of things,” such as network-connected refrigerators and doorbells.

“Our criteria range from laws that govern how companies can use and disclose customer data to those that protect journalists, children and employees,” Bischoff said.

With seven of the 22 metrics met, Comparitech’s researchers gave New York an overall score of 32.

Top-performer California, by comparison, received a score of 77, with 17 of the 22 criteria boxes checked. On the other end of the spectrum, Idaho, Mississippi and Wyoming received scores of 9, with each state having laws linked to two of the 22 categories.

New York State has a range of laws on its books related to data privacy. Examples include requirements on the use of artificial intelligence, a data disposal law and safeguards protecting journalists.

In New York City and the state General Assembly, one specific facet of online data privacy – biometric data – has been discussed in recent years from a policy perspective.

After several years of review, New York City on July 9 enacted a biometric data protection law.

At its core, it requires certain businesses across the five boroughs to post formal notices if biometric data is collected. The law also prohibits any businesses from using the data for transactional purposes.

Prior to affirmative New York City Council action, the Committee on Consumer Affairs and Business Licensing issued a report in late 2020 on the rationale behind having a biometric data law on the books.

“In New York City, as well as many other municipalities, establishments frequently do not inform customers that facial recognition software is being used, and it is unclear what companies or businesses do with the data, once it is collected,” Jeffrey Baker, legislative director with the city, and Rachel Cordero, deputy director of government affairs, wrote in the dual-authored report.

The General Assembly is in the midst of considering similar statewide legislation. Assemblywoman Aileen Gunther, D-Forestburgh, is the primary sponsor of Assembly Bill 27.

The legislation, which is currently in the hands of the state Assembly Consumer Affairs and Protection Committee, would establish the Biometric Privacy Act, if it is passed into law.

In its current draft state, A27 would require any private entities in possession of biometric data to develop a written policy, establishing a retention schedule and guidelines for destroying the information.

Based on the current iteration of the legislation, the act would require private entities to destroy the biometric data no later than three years after it was collected.

This article was originally posted on New York receives middling score in analysis of states’ online privacy laws