New York City (“NYC”) has quickly become one of the newest hotbeds of biometric privacy legislative activity, having enacted several laws since the start of 2021 that directly govern the collection and use of biometric data.
In addition to the New York City Tenant Data Privacy Act (“TDPA”), which regulates the use of biometric data by owners and operators of “smart access buildings,” New York City Council also enacted the nation’s first municipal-level biometric privacy law regulating “commercial establishments” (the “NYC Biometrics Ordinance”), which went into effect on July 9, 2021.
Because the NYC Biometrics Ordinance will almost certainly not be the last of its kind, commercial establishments that utilize biometric data in their business operations—even those located beyond the borders of the Big Apple—should take proactive steps to implement robust biometric privacy compliance programs to ensure continued compliance with current and anticipated biometrics laws to mitigate potential liability exposure.
- Scope/Applicability: The NYC Biometrics Ordinance applies to the collection and use of “biometric identifier information” by “commercial establishments.”
- “Biometric Identifier Information”: Biometric identifier information is defined in broad terms as any “physiological or biological characteristic that is used by or on behalf of a commercial establishment, singly or in combination, to identify, or assist in identifying, an individual, including but not limited to: (i) a retina or iris scan, (ii) a fingerprint or voiceprint, (iii) a scan of hand or face geometry, or any other identifying characteristic.”
- “Commercial Establishment”: Commercial establishment is broadly defined to mean “a place of entertainment, a retail store, or a food and drink establishment.”