FB pixel

4 US governments get biometric privacy rules on the table, off the ground

4 US governments get biometric privacy rules on the table, off the ground
 

U.S. state and local governments are pinching off the abilities of businesses to freely use facial recognition algorithms on their customers. It is just a few government bodies so far, but they are not working from a template.

Four recent developments – in New York, California, Iowa and Colorado — stand out.

Bloomberg Law reportedly received copies of two New York City bills regulating large classes of businesses using biometric matching or surveillance to ID customers. The city has debated the topic for several years.

One bill would make it illegal for business owners to identify people using biometric systems in places of accommodation without getting written consent and telling people how the data will be managed and shared.

The other would ban identifying people without their consent in multiple-dwelling residential buildings. Only eight bits of data could be collected, including biometric identifiers if a digital access system, installed in common areas, uses the identifiers.

It is difficult not to read the first proposal as a way to stop the powerful owner of Madison Square Garden Entertainment from using facial recognition code to prevent anyone he considers personal or professional antagonists from entering Madison Square Garden and other managed venues.

Both ideas likely will be introduced at a city council meeting April 27.

In a housekeeping move, meanwhile, California state regulators have updated rules to harmonize two landmark biometrics regimes – the Consumer Privacy Act, often referred to as the CPPA, and the Privacy Rights Act, or CPRA.

State leaders consider this a high-water mark for broadly protecting individuals’ privacy rights, especially those that minimize data collection and the use of dark patters. The new rules are now in effect.

The agriculture-dominated and staunchly conservative state of Iowa also has enacted what lawmakers bill as a comprehensive privacy law. It does not give state residents the right to force corrections in errors in their collected biometric data. Nor does it give them the right to take companies to court.

Iowa’s law, signed this month, has a fairly detailed description of how it can be applied.

According to the National Law Review, the law applies to companies doing business in the state and either control the data of at least 100,000 residents or claim more than half of their gross revenue from selling or processing the data of at least 25,000 residents.

Iowa also limits actionable data transactions to those involving monetary consideration. And there is no right of action for residents. Complaints go to the attorney general’s office which decides if a case is brought. Companies can be fined but residents are not compensated for mistakes or misuse.

The state of Colorado has gotten deeper into private-sector biometrics regulation as well. Lawmakers have created rules that finalized the Colorado Privacy Act. Lawmakers had three years, beginning in 2021, to agree to the rules for implementation. The act goes into effect July 1.

According to an analysis of the result by law firm WilmerHale, some businesses have looked to the California Privacy Rights Act as a benchmark, but there are significant differences between the two regulatory regimes.

Third-party processing is covered in the CPRA, but not in the Colorado law. The differences are important because Colorado businesses sell into California, which has a much bigger economy.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Operationalizing biometrics for digital economy is a process

From biometric binding through regulations for payments from digital wallets, the Biometric Update’s top stories of the week reflect a…

 

Deepfakes a ‘now problem’ as EU AI Act passes compliance deadline: Reality Defender

First it was Joe Biden, Kamala Harris and Taylor Swift. Now it’s Scarlett Johannson, Emmanuel Macron and Italy’s Defense Minister…

 

OneID raises £16 million

UK digital verification service OneID has secured new funding amid a rise of interest in digital identity among the country’s…

 

Digital ID verification can make property transactions more efficient, less prone to fraud

In the UK, Russia, South Korea, India and Pakistan, biometrics are making their way into real estate transactions, as digital…

 

IDV experts ponder death and resurrection of document verification

Is document verification dead? The question hangs over a debate hosted by Peak IDV CEO, Steve Craig. Five industry experts…

 

Jamaica operationalizing national digital ID with data exchange platform

Jamaica will make its digital identity available to all of its citizens, Custos of Kingston Steadman Fuller said on Thursday…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events