4 US governments get biometric privacy rules on the table, off the ground

U.S. state and local governments are pinching off the abilities of businesses to freely use facial recognition algorithms on their customers. It is just a few government bodies so far, but they are not working from a template.

Four recent developments – in New York, California, Iowa and Colorado – stand out.

Bloomberg Law reportedly received copies of two New York City bills regulating large classes of businesses using biometric matching or surveillance to ID customers. The city has debated the topic for several years.

One bill would make it illegal for business owners to identify people using biometric systems in places of accommodation without getting written consent and telling people how the data will be managed and shared.

The other would ban identifying people without their consent in multiple-dwelling residential buildings. Only eight bits of data could be collected, including biometric identifiers if a digital access system, installed in common areas, uses the identifiers.

It is difficult not to read the first proposal as a way to stop the powerful owner of Madison Square Garden Entertainment from using facial recognition code to prevent anyone he considers personal or professional antagonists from entering Madison Square Garden and other managed venues.

Both ideas likely will be introduced at a city council meeting April 27.

In a housekeeping move, meanwhile, California state regulators have updated rules to harmonize two landmark biometrics regimes – the Consumer Privacy Act, often referred to as the CPPA, and the Privacy Rights Act, or CPRA.

State leaders consider this a high-water mark for broadly protecting individuals’ privacy rights, especially those that minimize data collection and the use of dark patterns. The new rules are now in effect.

The agriculture-dominated and staunchly conservative state of Iowa also has enacted what lawmakers bill as a comprehensive privacy law. It does not give state residents the right to force corrections of errors in their collected biometric data. Nor does it give them the right to take companies to court.

Iowa’s law, signed this month, has a fairly detailed description of how it can be applied.

According to the National Law Review, the law applies to companies that do business in the state and either control the data of at least 100,000 residents or claim more than half of their gross revenue from selling or processing the data of at least 25,000 residents.

Iowa also limits actionable data transactions to those involving monetary consideration. And there is no right of action for residents. Complaints go to the attorney general’s office, which decides if a case is brought. Companies can be fined, but residents are not compensated for mistakes or misuse.

The state of Colorado has gotten deeper into private-sector biometrics regulation as well. Lawmakers have created rules that finalized the Colorado Privacy Act. Lawmakers had three years, beginning in 2021, to agree to the rules for implementation. The act goes into effect July 1.

According to an analysis of the result by law firm WilmerHale, some businesses have looked to the California Privacy Rights Act as a benchmark, but there are significant differences between the two regulatory regimes.

Third-party processing is covered in the CPRA, but not in the Colorado law. The differences are important because Colorado businesses sell into California, which has a much bigger economy.
