New York, United StatesIntroduced; committee review

New York Child Data Protection Act (NY NYCDPA)

New York Child Data Protection Act focusing on commercial data collection from minors, with strong data minimization and deletion rights for child accounts.

Key Provisions

What NY NYCDPA requires

Platforms must provide a clear, accessible mechanism for parents to request deletion of a minor's data

Data deletion requests must be honored within 30 days

Prohibits selling or sharing personal data of minors for commercial purposes

Data minimization requirement — platforms may only collect data necessary for the service

New York AG enforcement authority with enhanced penalties for violations involving minors

Rule Categories Covered

Phosra enforcement categories for NY NYCDPA

Data Deletion Request

privacy

data_deletion_request

Triggers data deletion workflows on connected platforms and enables full profile removal via API.

Commercial Data Ban

other

commercial_data_ban

Enforces commercial data ban rules across connected platforms.

Platforms Affected

Platforms covered by NY NYCDPA

InstagramTikTokYouTubeSnapchatRoblox

Age: All minors

MCP Enforcement

Enforce NY NYCDPA with a single API call

mcp-enforcement

// Enforce NY NYCDPA compliance
tool: trigger_child_enforcement
input: {
  child_id: "ch_emma_01",
  law: "NY_NYCDPA",
  rules: [
          "data_deletion_request",
          "commercial_data_ban"]
}

→ Instagram    enforcement applied     ✓
→ TikTok       enforcement applied     ✓
→ YouTube      enforcement applied     ✓
→ Snapchat     enforcement applied     ✓

Start building NY NYCDPA-compliant features today

Phosra handles the complexity of multi-platform compliance so you can focus on building great products for families.

Get Started Free Read the Docs