BILL
SUBJECT
DATE
The Business Council issues this memo of concern regarding S.4413-A (May) /A.10770 (Rozic). While we appreciate the sponsors’ intent to strengthen consumer protections, we believe targeted amendments are necessary to avoid unintended anti-consumer consequences.
Subscription Cancellation Does Not Equal Account Deletion
Equating a subscription cancellation with a data deletion request creates friction for consumers who cancel a monthly subscription but wish to continue using other services on the same platform. Consider a consumer who cancels a food delivery platform's premium subscription but wants to continue ordering à la carte: the bill's current language would require deletion of all payment information associated with the entire account, not just the subscription. This:
- Treats a subscription cancellation as a full account deletion - plainly not the legislation's intent;
- Forces consumers to re-enter payment details for future purchases or returns; and
- Complicates refund processing when the consumer's payment method is no longer on file.
Recommendation: Cancellation of an automatic renewal should not trigger deletion of payment data unless the consumer expressly requests it. This preserves consumer choice while maintaining strong privacy protections.
14-Day Deletion Window Creates Refund Complications
The bill requires deletion of payment information within 14 days of cancellation. Refunds routinely take longer than 14 days to process - and in many cases consumers may not seek a refund, exchange, or return within that window at all. Deleting the payment method before a refund can be issued is anti-consumer; it makes it harder for customers to get their money back.
Recommendation: Retain payment data for a reasonable period sufficient to process any pending or likely refunds before requiring deletion.
Risk of Fraud and Free-Trial Abuse
Many platforms use payment "fingerprinting" to ensure that promotional offers and free trials are used only once per person. The bill's mandatory deletion requirement would prohibit that practice, enabling bad actors to repeatedly sign up for free trials. cancel before the trial ends, and restart the process - indefinitely. The likely result:
- Elimination of free-trail offers altogether; or
- Price increases for all consumers to offset the cost of abuse.
Recommendation: Permit retention of de-identified payment fingerprint data solely for fraud prevention purposes.
The Business Council supports the goal of protecting New Yorkers' personal data and stands ready to work with the sponsors on amendments that advance that objective without creating the unintended consumer harms described above.