FB pixel

4 US governments get biometric privacy rules on the table, off the ground

4 US governments get biometric privacy rules on the table, off the ground
 

U.S. state and local governments are pinching off the abilities of businesses to freely use facial recognition algorithms on their customers. It is just a few government bodies so far, but they are not working from a template.

Four recent developments – in New York, California, Iowa and Colorado — stand out.

Bloomberg Law reportedly received copies of two New York City bills regulating large classes of businesses using biometric matching or surveillance to ID customers. The city has debated the topic for several years.

One bill would make it illegal for business owners to identify people using biometric systems in places of accommodation without getting written consent and telling people how the data will be managed and shared.

The other would ban identifying people without their consent in multiple-dwelling residential buildings. Only eight bits of data could be collected, including biometric identifiers if a digital access system, installed in common areas, uses the identifiers.

It is difficult not to read the first proposal as a way to stop the powerful owner of Madison Square Garden Entertainment from using facial recognition code to prevent anyone he considers personal or professional antagonists from entering Madison Square Garden and other managed venues.

Both ideas likely will be introduced at a city council meeting April 27.

In a housekeeping move, meanwhile, California state regulators have updated rules to harmonize two landmark biometrics regimes – the Consumer Privacy Act, often referred to as the CPPA, and the Privacy Rights Act, or CPRA.

State leaders consider this a high-water mark for broadly protecting individuals’ privacy rights, especially those that minimize data collection and the use of dark patters. The new rules are now in effect.

The agriculture-dominated and staunchly conservative state of Iowa also has enacted what lawmakers bill as a comprehensive privacy law. It does not give state residents the right to force corrections in errors in their collected biometric data. Nor does it give them the right to take companies to court.

Iowa’s law, signed this month, has a fairly detailed description of how it can be applied.

According to the National Law Review, the law applies to companies doing business in the state and either control the data of at least 100,000 residents or claim more than half of their gross revenue from selling or processing the data of at least 25,000 residents.

Iowa also limits actionable data transactions to those involving monetary consideration. And there is no right of action for residents. Complaints go to the attorney general’s office which decides if a case is brought. Companies can be fined but residents are not compensated for mistakes or misuse.

The state of Colorado has gotten deeper into private-sector biometrics regulation as well. Lawmakers have created rules that finalized the Colorado Privacy Act. Lawmakers had three years, beginning in 2021, to agree to the rules for implementation. The act goes into effect July 1.

According to an analysis of the result by law firm WilmerHale, some businesses have looked to the California Privacy Rights Act as a benchmark, but there are significant differences between the two regulatory regimes.

Third-party processing is covered in the CPRA, but not in the Colorado law. The differences are important because Colorado businesses sell into California, which has a much bigger economy.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

New South Wales Digital Strategy is building a roadmap to inclusion and safety

Chris Minns’ Labour government has launched its new digital roadmap for New South Wales, Australia’s most populous state and home…

 

Worldcoin waves in more applications for expanded grant program

Worldcoin has shifted their grant program to fund innovation in its World ID project, decentralized identity and growth initiatives, says…

 

MDL interoperability put to the test amid standardization, adoption push

Australia’s National Digital Trust Service (DTS) for digital driver’s licenses has passed an interoperability road test based on international standards….

 

Governments need digital ID verification strategies to beat rampant fraud

“The concept of digital IDs is relatively straightforward”: so says a piece in Nextgov/FCW, covering fresh legislative efforts to win…

 

Infrastructure challenges impacting NIN card production says UrbanID exec

Acute infrastructural challenges stand in Nigeria’s way as the country carries on with the issuance of mobile digital ID as…

 

Philippines agency to print national ID cards itself

The Philippine Statistics Authority (PSA) is switching up where it is printing PhilSys ID cards following the termination of the…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events