New York Biometric Bill (S2539) Clears Senate, Heads to Assembly

The New York State Senate passed S2539 on May 12, 2026, by a vote of 55 to 5. The bill would require stores that scan or track customers' biometric data to post plain-language warning signs at every entrance. It is not law yet; the Assembly and the Governor must still act.
Information last verified on June 3, 2026. This is a developing story; we update it as the record changes.
Jurisdiction scope: This article addresses New York bill S2539 (Senate) and its companion A1558 (Assembly) in the 2025-2026 session, and contrasts them with current New York and Illinois biometric-privacy law. It describes a pending bill that is not yet enacted. It does not address every state's biometric rules. For related coverage, see our data privacy laws hub.
What Happened
The New York State Senate passed S2539C on May 12, 2026, by a vote of 55 aye to 5 nay (with 1 absent and 2 excused), according to the bill record on nysenate.gov. The measure, sponsored by Senator Zellnor Myrie, would require retailers that track customers through electronic devices, or that collect biometric data, to post warning signs. The Assembly companion, A1558C, sponsored by Assembly Member Linda Rosenthal, was ordered to third reading and substituted by S2539C on June 1, 2026, placing it on the Assembly floor calendar. As of June 3, 2026, the Assembly has not taken a final passage vote, and the Governor has not signed anything. The bill is not law. Its core command, in the operative version C, reads:
"Conspicuously post a warning sign at each entrance indicating that such retailer performs such tracking. Such warning sign shall be written in plain language." Source: S2539C, 2025-2026 Reg. Sess. (N.Y.)

What the Law Actually Says
New York does not currently have a statewide biometric-privacy statute modeled on Illinois law. New York's existing data law is the SHIELD Act, codified at New York General Business Law section 899-bb, which requires reasonable data-security safeguards but does not create biometric-specific signage duties or a biometric private right of action.
At the local level, New York City already regulates this space. Under New York City Administrative Code sections 22-1201 and 22-1202, a commercial establishment that collects biometric identifier information must post a clear and conspicuous sign near customer entrances, and it is unlawful to sell, lease, trade, share in exchange for anything of value, or otherwise profit from that information. The NYC ordinance also gives aggrieved individuals a private right of action. The state bill would extend a signage rule statewide but, in version C, enforces it only through municipal civil penalties, not a private lawsuit.
Illinois remains the model statewide biometric statute. The Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14, requires written notice and consent before collecting biometric identifiers and, critically, allows individuals to sue directly. New York's pending bill does not adopt that consent-and-private-action model. You can compare the two regimes through our pages on New York biometric privacy and the Illinois biometric privacy law (BIPA), as well as the broader New York data privacy laws overview.
Analysis: Why This Matters
The following is analysis from the Recording Law Editorial Team.
What the bill does, and what it no longer does, both changed during the amendment process, and that is the most notable feature of the current record. As introduced and through versions A and B, S2539 carried a substantive command: in addition to signage, it stated that "it shall be unlawful for a retailer to sell, lease, trade, share in exchange for anything of value or otherwise profit from the transaction of biometric identifier information." That sentence tracked the New York City ordinance almost word for word. In version C, the version the Senate actually passed and that was substituted in the Assembly, that no-sale sentence is absent from the enacting text, even though the sponsor memo still describes a sale restriction. Readers relying on the memo or on earlier coverage may therefore overstate what the operative bill would do.
As it stands in version C, the bill is principally a transparency-and-signage measure. It would require a plain-language warning at each entrance, opt-out information where applicable, and tiered civil penalties capped at 500 dollars per violation, enforced through local consumer-affairs offices rather than private suits. That is a meaningfully narrower instrument than the Illinois BIPA model, which pairs an up-front consent requirement with a private right of action that has driven large settlements in that state.
Two structural points are worth flagging without predicting any outcome. First, the bill would layer a statewide signage floor on top of New York City's existing notice rule, raising practical questions about how the two interact for retailers already complying with the city ordinance. Second, the version-to-memo gap on the no-sale provision is a live drafting question: the text governs, but the discrepancy is the kind of issue that can be revisited if the Assembly amends the bill before final passage. We take no position on whether the bill will pass or how any provision would be applied. We are describing what the text says today.
How This Affects You
If you shop in New York, nothing about this bill changes your rights right now. As of June 3, 2026, S2539/A1558 is a proposal that has cleared one chamber. Stores are not required to post any new biometric warning sign because of this bill, and no new penalty applies, unless and until the Assembly passes the measure and the Governor signs it, after which version C would take effect 90 days later.
If you operate a retail business in New York, the bill is worth tracking, but it is not yet an obligation. New York City businesses that already comply with NYC Administrative Code sections 22-1201 and 22-1202 are operating under a separate, currently effective local law; that duty exists today regardless of what happens to the state bill. Whether the statewide measure ultimately includes a no-sale ban, a private right of action, or only signage will depend on the final text the Legislature passes and the Governor signs. This page is general information about a pending bill, not advice about your store's specific compliance posture; a New York lawyer can address that.
This is general legal information, not legal advice. It covers New York and reflects sources verified on June 3, 2026. This describes a pending bill that is not yet law; consult a lawyer licensed in your jurisdiction about your specific situation.
Related articles
- Data privacy laws hub
- New York data privacy laws
- New York biometric privacy
- Illinois biometric privacy law (BIPA)
Last updated: 2026-06-03. This is a developing story; details verified as of June 3, 2026.
Frequently Asked Questions
Is New York's biometric bill (S2539) now law?
No. As of June 3, 2026, S2539 has passed the New York State Senate (55 to 5 on May 12, 2026) and the Assembly companion A1558 was substituted to third reading on June 1, 2026. It still needs Assembly passage and the Governor's signature before it could become law.
Would S2539 require stores to post biometric warning signs?
Yes, if enacted. Version C (S2539C) would require retailers that track customers through electronic devices or collect biometric data to conspicuously post a plain-language warning sign at each entrance, with opt-out information where applicable. This is a proposal, not a current requirement, outside of New York City's existing ordinance.
Does the bill ban stores from selling biometric data?
Not in the version that passed the Senate. The no-sale ban (sell, lease, trade, or otherwise profit) appeared in earlier versions A and B and in the sponsor memo, but it is absent from the operative text of version C. The bill text, not the memo, controls.
What penalties would S2539 impose?
Version C sets civil penalties of not more than 100 dollars for a first violation, not more than 250 dollars for a second violation, and not more than 500 dollars for each violation thereafter, enforced through local consumer-affairs offices. These penalties would only apply if the bill is enacted.
How is this different from Illinois BIPA?
Illinois BIPA (740 ILCS 14) requires written notice and consent before collecting biometric identifiers and lets individuals sue directly. New York's pending bill, in version C, requires signage and sets local civil penalties but does not adopt BIPA's consent requirement or private right of action.
Does New York already regulate retail biometric scanning?
New York City does. Under NYC Administrative Code sections 22-1201 and 22-1202, commercial establishments must post biometric notice signs and may not sell biometric identifier information, with a private right of action. Statewide, New York has the SHIELD Act (General Business Law section 899-bb) for data security, but no BIPA-style biometric statute yet.
When would the bill take effect if signed?
Version C provides that the act would take effect on the ninetieth day after it becomes law. Until and unless that happens, nothing changes for shoppers or retailers under this bill.
Sources and References
- NY Senate Bill S2539 (2025-2026), bill page, sponsor, action history, Senate vote 55-5 on May 12 2026(nysenate.gov).gov
- NY Assembly Bill A1558 (2025-2026), companion, substituted to third reading June 1 2026(nysenate.gov).gov
- S2539 amendment A text (earlier version retaining the no-sale provision)(nysenate.gov).gov
- New York General Business Law Section 899-bb (SHIELD Act)(nysenate.gov).gov
- New York City Administrative Code Section 22-1202 (biometric notice and no-sale)(codelibrary.amlegal.com)
- Illinois Biometric Information Privacy Act, 740 ILCS 14(ilga.gov).gov