Privacy and the Law: Private Use of Facial Recognition Technology Banned in Portland featured image

Privacy and the Law: Private Use of Facial Recognition Technology Banned in Portland

by John DiGiacomo

Partner

Internet Law

The City of Portland, Oregon, just banned the use of facial recognition technology by private businesses and individuals. See Popular Mechanics news report here. Portland previously banned use of facial recognition by law enforcement and city agencies. However, now all private entities are prohibited from using facial recognition software and technology anywhere in the City in any “places of public accommodation.” In practice, the prohibition covers almost every business that is open to the public.

The ordinance has three exceptions:

(1) where facial recognition technology is necessary for compliance with federal and/or state laws

(2) use for social media applications and

(3) use as verification for an individual’s access to communication and electronic devices

The ordinance authorizes individuals to bring civil actions against entities that commit “material violations” of the ordinance. The ordinance allows an award of statutory damages of $1,000 per day for each violation and attorney’s fees under some circumstances. In short, violating the new ordinance will result in potentially catastrophic lawsuits. The new ordinance will go into effect January 1, 2021.

Portland is the first government entity to ban private use of facial recognition technology. This may be a new legal trend which might be encouraging for privacy advocates or worrisome for businesses that rely on facial recognition as a means of identification and security. At minimum, businesses in Portland may be facing a new round of expensive litigation.

As many know, facial recognition software and technology takes an image of a person’s face, and “maps” that image as a means of identification. Facial recognition is a form of biometrics which is a suite of technologies that can be used to identify a person based on their unique characteristics. Fingerprints and retinal scans are common examples of biometrics; facial recognition is less well-known. Facial recognition software has long been used by cellular phones and other electronic devices as a security measure; the ordinance allows that practice to continue. Likewise, some automobile manufacturers use the technology as a form of theft prevention and security. That may now be prohibited in Portland. Many are less aware that facial recognition is routinely used as a security measure by private companies to identify customers. Banks and financial institutions often use the technology to identify account holders. That will now stop in Portland.

Privacy advocates object to use of facial recognition technology on many grounds, not least of which are lack of notice and lack of consent. Mandating notice and consent are often the “go-to” strategies for those that are trying to regulate use of private data and information. For example, these are the key components of the California Consumer Privacy Act and the Illinois Biometrics Privacy Act. However, the Portland ordinance is notable since it does not attempt to impose notice and/or consent requirements. The ordinance simply prohibits use of the technology. It will be interesting to see if other states and local governments use the Portland ordinance as a template resulting in more widespread prohibition of facial recognition technology.

For more information or if you have legal questions about the use of biometric technologies, contact the data privacy lawyers at Revision Legal at 231-714-0100.

Extra, Extra!
Recent Posts

California: Retailers Must Warn That Digital Goods Can Be Taken Away

California: Retailers Must Warn That Digital Goods Can Be Taken Away

Internet Law

California Assembly Bill No. 2426, recently enacted into law, introduces significant amendments to the Business and Professions Code, specifically targeting consumer protection against false advertising in the realm of digital goods. This legislation, approved by the Governor on September 24, 2024, aims to address the misleading practices often associated with the sale of digital goods, […]

Read more about California: Retailers Must Warn That Digital Goods Can Be Taken Away

E-Commerce Package Protection May Violate Insurance Law

E-Commerce Package Protection May Violate Insurance Law

Internet Law

E-commerce business owners often look for ways to increase their cart size to in turn increase the revenue of their business. Many resort to adding package protection, a form of warranty or guaranty that a package will arrive undamaged. However, many of these package protection products may run afoul of state insurance law. E-commerce merchant […]

Read more about E-Commerce Package Protection May Violate Insurance Law

Challenges in Protecting Children’s Online Privacy: COPPA and TikTok

Challenges in Protecting Children’s Online Privacy: COPPA and TikTok

Internet Law

Protecting the privacy of children’s online personal data is complicated and challenging. The problems are made more difficult by the fact that, seemingly, children are happy to skirt and evade the various efforts made by online platforms to protect their privacy and by the fact that data collection businesses are happy if those efforts succeed. […]

Read more about Challenges in Protecting Children’s Online Privacy: COPPA and TikTok

Put Revision Legal on your side