Supporters of Vetoed NY Health Privacy Bill Plan to Run It Back in 2026

Gov. Kathy Hochul (D) killed the proposed New York Health Information Privacy Act a few hours before a deadline to sign or veto it (see 2512190016). Soon afterward, the bill’s sponsors and supporters accused the governor of protecting Big Tech.

S-929 sought to surpass HIPAA protections to cover wearables, pregnancy trackers and other consumer devices. However, despite quickly passing the legislature back in January, the New York Senate didn’t deliver the legislation to Hochul until Dec. 8 as industry groups loudly opposed the bill (see 2512090016).

In a Friday memo about her decision, Hochul said that even though she supports protecting the privacy of “health-related data,” she felt “constrained to veto” S-929. “While well-intentioned, the bill's definitions and scope are broad, creating potentially significant uncertainty about the information subject to regulation and compliance challenges for consumers, businesses and nonprofits, alike. As a result, entities acting in good faith or those who are subject to other privacy/confidentiality frameworks will face additional risks, which may discourage innovation or limit access to otherwise useful information.”

“Technology is an ever-present part of our lives and I remain open to continuing the dialogue on making the online experience safe and healthy for all,” the governor added. “At this time, I am therefore, constrained to veto this bill.”

But the next morning, Krueger and Assembly co-sponsor Linda Rosenthal (D) slammed the governor in an emailed joint statement. “At a time when Americans’ privacy rights are under fierce attack, Governor Hochul has put the interests of Big Tech over protecting regular New Yorkers,” they said. “This bill passed the Legislature almost a year ago, leaving plenty of time for good-faith negotiations on chapter amendments. Unfortunately, despite our repeated requests for engagement, that time was not used until the very last weeks of the year.”

“Now, instead of empowering New Yorkers by giving them control over how their health data is used,” said Krueger and Rosenthal, “the Governor has chosen to allow these companies to keep monetizing our most intimate information to boost their profits.”

Privacy attorneys who represent businesses had warned that the bill would be more burdensome for compliance than Washington state’s similar 2023 My Health My Data Act (see 2501280023). Then, industry groups and companies including Tech:NYC, Partnership for New York City, TechNet, NetChoice, the State Privacy & Security Coalition, DoorDash and Warby Parker urged Hochul to veto the bill (see 2512030041).

Even so, the privacy bill also had many supporters, including NYCLU, Ben & Jerry’s, more than 200 health care providers and many public advocates. In addition, the bill’s Assembly sponsor had cited support from the New York attorney general’s office.

NYCLU Executive Director Donna Liberman said in a statement emailed Monday that Hochul “prioritized the interests of big tech companies, bad actors, and hostile government entities over everyday New Yorkers.” Lieberman added, “As an anti-abortion, anti-trans extremist wreaks havoc in the White House, New Yorkers desperately need privacy protections to control their online health data without fear of exploitation or abuse.”

Jeremy Mittler, a health care data privacy expert, emailed us that the “veto was surprising but not a shock, and it doesn’t signal a shift in direction.” The Blueprint Audiences CEO said, “Inference-based health advertising is still risky, and the sponsors’ response suggests regulation is being delayed, not avoided. Health advertisers should expect more scrutiny, not less, in 2026.”

Also on Friday, Hochul approved bills on AI and warning labels for social media (see 2512220061 and 2512220014).