Facial recognition and other biometrics targeted in data privacy legislation, but what will feds do?
Data privacy legislation is advancing in the U.S., though somewhat unpredictably, with different ramifications for biometrics vendors in different states.
A privacy bill before Washington State’s legislature would categorize biometric data as sensitive information, MediaPost reports, requiring businesses to obtain consent through an opt-in process before processing the data.
Along with geolocation data and certain biographic characteristics, the use of biometrics for ad targeting is addressed in The Washington Privacy Act (SB5062).
The bill was sent to the state senate’s ways and means committee recently after passing a 12-1 vote.
The legislation was introduced by Senator Reuven Carlyle, who also introduced a privacy bill last year, which foundered in March over the inclusion of a private right of action, and another in 2019 modeled on GDPR.
The new bill places enforcement of the privacy measures with the state attorney general. It would also direct the state privacy office and attorney general to consider requiring companies to honor online opt-out requests submitted through web browsers.
MediaPost says Consumer Reports has written to Carlyle suggesting that a right of private action should be included in the bill.
Minneapolis, Utah regulation proposals approach approval votes
Meanwhile, public comments on a proposed ban on the use of face biometrics by Minneapolis police will be heard on February 10, with city council putting the measure to a vote on February 12, the Minneapolis Star Tribune reports.
Council Member Steve Fletcher, who supports the proposed ordinance, referred to real-time facial recognition repeatedly in comments supporting the legislation, as well as the proliferation of cameras around the city.
The ordinance would ban the use of facial recognition by Minneapolis Police, but not outside law enforcement agencies operating in the city, like Hennepin County Sheriffs Office, or businesses.
The Star Tribune has found that law enforcement agencies at various levels have conducted nearly 1,000 searches of the local Sheriff’s Office’s database since 2018, with more than half of those conducted during the first nine months of 2020. The Minneapolis Police Department has been found to have used the system 237 times between the Fall of 2015 and the Fall of 2020.
In Utah, a senate committee has unanimously approved a bill to regulate law enforcement use of facial recognition, which The Salt Lake Tribune reports would require the state to inform people applying for driver’s licenses that their licence photo could be used in biometric searches.
SB34 does not allow people to opt out, but largely codifies the existing practices around the Department of Public Safety’s facial recognition use, according to the article. It also sets out a framework for police searches, with mandatory written requests detailing the crime being investigated and an explanation for how the individual being sought is connected to the crime.
Police will be able to make requests in felony cases, violent crimes and threats to human life, to identify deceased or incapacitated individuals, or people who cannot identify themselves to law enforcement.
The ACLU and Libertas Institute have both suggested the bill does not do enough to ensure privacy protections for state residents.
The bill still needs to be approved by state lawmakers and signed by the governor to take effect.
District Attorney’s office criticized for using Clearview AI
Documents obtained by Legal Aid through Freedom of Information Law (FOIL) requests show the local D.A.’s office signed a one-year contract with Clearview in May of 2019 at a cost of $10,000 to make use of the investigative tool. The documents list 11 individuals with the office as Clearview users.
District Attorney Michael E. McMahon says the biometric technology is still in occasional use by his office, and is one among many resources it uses for investigation and prosecution.
Legal Aid is calling on McMahon to cease using the technology and disclose details about how it has used it in the past. The organization suggests the technology was used to generate leads, and should therefore be subject to pretrial discovery, but defense attorneys have not been informed of its use. Legal Aid says the D.A.’s office objected to providing records on grounds that doing so would be an invasion of personal privacy.
A spokesperson for the D.A.’s office also said no documents regarding a Clearview contract since the May 2019 agreement have been found.
More federal AI regulation likely
At the federal level, disagreement between Republicans and Democrats on whether national data privacy legislation should pre-empt state laws may not prevent the passage of new laws with the latter in control of all three legislative branches of the U.S. government, CNBC reports.
Vice President Kamala Harris sent a letter to three federal agencies asking them to consider the risk of bias in AI systems, with specific reference to facial recognition, in 2018. CNBC notes President Joe Biden also told the New York Times last year that the U.S. should follow Europe’s lead on data privacy regulation.
AI legislation has already increased, under a divided congress.
One of the founders of the bi-partisan Senate Artificial Intelligence Caucus, which was formed two years ago, says the group is planning to expand to more than its current eight members, and may look into the future of work.
The caucus supported eight bills that became law in 2020, including the National AI Research Resource Task Force Act and the Deepfake Reports Act, and will work to ensure their prompt implementation, Senator Rob Portman (R-OH) told Nextgov.