NY Lawmaker Open to RAISE Act Edits; His New Bill Would Require Social Data Portability
New York Assemblymember Alex Bores (D) expects his AI safety bill, the Responsible AI Safety and Education (RAISE) Act, could be revised through the chapter-amendment process, the legislator told Privacy Daily on Wednesday. “We’re open to amendments that … strengthen or clarify the bill.”
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Meanwhile, under a new Bores bill introduced Wednesday, New York could follow Utah in requiring social media platforms to give users the power to port their personal data to other platforms. Backed by digital rights advocate Project Liberty, the measure would also give consumers rights to download or delete all their data from any social platform.
The RAISE Act (S-6953/A-6453) passed the legislature earlier this year, but it hasn’t yet been transmitted to Gov. Kathy Hochul (D) for her signature. In a situation similar to what’s happening with a separate New York health data privacy measure (see 2507310030), the shot clock for signing the RAISE Act won't start until the legislature sends it to Hochul. If the legislation goes through the state’s chapter-amendment process, legislators and Hochul would have to agree on changes. Then the governor would let the bill become law with a commitment from the legislature to amend it, which usually happens in January.
“I’ve had conversations with the governor’s office,” Bores said in an interview. So have advocates, industry, unions and academics, he added. “We have not entered into any formal sort of negotiations yet. I wouldn’t expect that until later in the year, but I know the governor’s office is giving it a very deep look.”
The tech industry has urged Hochul to veto the RAISE Act, which seeks to regulate the training and use of AI frontier models (see 2507090050). “A lot of industry groups … have played fast and loose with the facts,” said Bores. “They know that it's only going to apply to a single-digit number of companies” that “aren't popular, and so they have spread mistruths about it affecting small businesses or even medium businesses, even though the bill explicitly says it does not apply to any company spending less than $100 million on training frontier models.”
Still, said Bores, “even when that argument is brought up in bad faith, the governor's office is going to run it down and make sure that that's not what's happening.”
Meanwhile, New York lawmakers next year will consider Bores’ data portability measure, which hasn’t yet been assigned a bill number in the Assembly. “This bill will begin to have the opportunity to move through committees when the 2026 [New York state] legislative session starts in January,” a Bores spokesperson emailed us.
Utah previously required social media data portability and interoperability, in a bill (HB-418) signed last March by Republican Gov. Spencer Cox (see 2503280035). Set to take effect on July 1, 2026, the new state law also adds a right to correct to the Utah Consumer Privacy Act. At a February hearing, sponsor Rep. Doug Fiefia (R) said the legislation “fundamentally changes” how people interact with social media (see 2502280057).
Bores said he wants to give New Yorkers similar protections to Utahns. The goal is to shift data ownership to consumers from the social media companies, he said. “It’s notable that this bill first passed in a red state, sponsored by a Republican,” he said. “Along with the many privacy benefits … it’s also, at the end of the day, a free-market and pro-competition bill.” Bores therefore hopes to get bipartisan support, though he said that with the legislature currently out of session, “those conversations are still to come.”
The bill would define “data portability” as “the ability of covered users of social media platforms to retain existing social graphs without impairment of quality, reliability, or convenience when such information is transferred from one social media platform or third party to another.” To comply with the bill, social media companies would use an open protocol and “facilitate and maintain interoperability and synchronous data sharing with other social media platforms through an interoperability interface, based on reasonable terms that do not discriminate between social media platforms.”
The New York attorney general would enforce the law by filing a complaint in court, which could issue a fine of up to $2,500 per violation. Additionally, the AG would have authority to make rules to identify open protocols that satisfy the requirements of the proposed law, if enacted.
“Big Tech has been using personal data to manipulate us” and users “are rightly tired of being locked into walled gardens," said Project Liberty President Tomicah Tillemann in a news release. “By putting power back in the hands of individuals, [the New York] bill lays the groundwork for healthier, innovative digital ecosystems where people, not platforms, set the terms."
However, a tech industry group quickly panned the legislation on Wednesday. "We have not seen the bill text but from the summary, this would open up several privacy and security concerns,” said Kyle Sepe, state policy manager for the Computer & Communications Industry Association, in an emailed statement.
“Different companies have different security practices,” he said. “Some encrypt data while others do not. Different companies retain different types of data for different periods of time, and are bound by different laws and regulations if they operate across multiple jurisdictions. … This bill could undermine companies’ ability to create the best security features for their specific data uses, which in turn undermines their users’ safety."