In the US, the regulatory environment for biometrics and privacy has been evolving rapidly in recent months. And now that Madison Square Gardens CEO James Dolan has provoked a new controversy by using facial recognition to detect and eject his perceived enemies from popular entertainment venues, biometrics are likely to come under even more scrutiny in the near term. So with that in mind, it’s worth reviewing some of the more noteworthy regulatory data points of the past week:
US States Mull New Privacy Laws
At least seven US states are considering legislation aimed at protecting the privacy of specific kinds of personal data, including bills that would protect biometric data. The states in question are New York, New Jersey, Maryland, Washington, Oregon, and Mississippi, and are part of a broader national trend as a cluster of states mull broad legislative measures designed to protect consumer data.
Proposed NYC Law Targets Biometric Employee Monitoring
New York City, meanwhile, is also considering legislation that would prohibit employers from making discharge decisions based on ‘electronic monitoring’ technologies, including systems that collect biometric data. The legislation, “Int 0837-2022”, is mainly concerned with ensuring that employees aren’t fired without “just cause or a bona fide economic reason,” and the reason can’t be based on electronic monitoring, which the bill defines as ““the collection of information concerning employee activities, communications, actions, biometrics or behaviors by electronic means including, but not limited to, video or audio surveillance, electronic employee work speed data.”
And yet the nation’s most stringent biometric privacy law might get watered down, if only a little bit:
Proposed Bill Seeks BIPA Exemption for Hospitals
Proposed legislation in Illinois’s House of Representatives is aimed at carving out an exemption for healthcare providers from the state’s wide-ranging Biometric Information Privacy Act (BIPA). Bill HB 1230 appears to be narrowly aimed at the kind of BIPA lawsuit that is based on alleged failures to acquire employees’ explicit, written consent for the collection of biometric data: it would exempt any health care employer from BIPA so long as the employer hired a worker under the Health Care Worker Background Check Act, does not sell or trade the worker’s biometric data, and has a data use and retention policy in place.
Meanwhile, a California congressman tried to draw national attention to the biometric privacy issue:
Congressman Calls for Regulatory Agency for AI
Rep. Ted Lieu (D-California) has authored (most of) a New York Times op-ed calling for the creation of a federal agency for the regulation of AI technologies, highlighting facial recognition as an AI tool that could “result in an intrusive public and private surveillance state” if left unchecked. Lieu argues that an agency “is nimbler than the legislative process, is staffed with experts and can reverse its decisions if it makes an error.” He notes, “as a member of Congress, I am freaked out by A.I.
There will surely be much more to follow in the coming weeks, so stay tuned to FindBiometrics for the next regulatory developments.
January 27, 2023 – by Alex Perala