New York, United StatesIntroduced; committee review

New York Child Data Protection Act (NY NYCDPA)

New York Child Data Protection Act focusing on commercial data collection from minors, with strong data minimization and deletion rights for child accounts.

Key Provisions

What NY NYCDPA requires

01

Platforms must provide a clear, accessible mechanism for parents to request deletion of a minor's data

02

Data deletion requests must be honored within 30 days

03

Prohibits selling or sharing personal data of minors for commercial purposes

04

Data minimization requirement — platforms may only collect data necessary for the service

05

New York AG enforcement authority with enhanced penalties for violations involving minors

Rule Categories Covered

Phosra enforcement categories for NY NYCDPA

Data Deletion Request

privacy
data_deletion_request

Triggers data deletion workflows on connected platforms and enables full profile removal via API.

Commercial Data Ban

other
commercial_data_ban

Enforces commercial data ban rules across connected platforms.

Platforms Affected

Platforms covered by NY NYCDPA

InstagramTikTokYouTubeSnapchatRoblox
Age: All minors

MCP Enforcement

Enforce NY NYCDPA with a single API call

mcp-enforcement
// Enforce NY NYCDPA compliance
tool: trigger_child_enforcement
input: {
  child_id: "ch_emma_01",
  law: "NY_NYCDPA",
  rules: [
          "data_deletion_request",
          "commercial_data_ban"]
}

→ Instagram    enforcement applied     ✓
→ TikTok       enforcement applied     ✓
→ YouTube      enforcement applied     ✓
→ Snapchat     enforcement applied     ✓

Start building NY NYCDPA-compliant features today

Phosra handles the complexity of multi-platform compliance so you can focus on building great products for families.