Earlier this year, New York City passed a law restricting the collection and/or use of biometric technology by certain businesses. The new law went into effect July 9, meaning applicable businesses must now meet the law's requirements.Businesses need only look to similar laws in other states, particularly Illinois, for a glimpse at the litigation that may come should they fail to abide by the new law’s provisions.“Biometric identifier information” is defined as a physiological or biological characteristic used to identify, or assist in identifying, an individual, such as an eye scan, fingerprint, voiceprint, or facial scan. Importantly, there is an exception for biometric identifier information collected through photographs or video that is not analyzed or sold to a third-party. In other words, security camera footage is not subject to the law’s requirements.Government institutions are entirely exempt from the act and financial institutions are explicitly excluded from the notice provision (discussed below) but may be subject to the sale provision (also discussed below). Unlike the notice provision, the sale provision fails to delineate which entities are, or are not, subject to its prohibitions and is likely to be tested by the courts at some point.
Authors is a partner at Patterson Belknap Webb & Tyler LLP, a law firm in New York that has a Privacy and Data Security Practice. Read more Patterson Belknap blogs here.
New York City Biometric Privacy Law: What Entities Are Covered?
Any “commercial establishment” collecting, retaining, storing, or sharing its customers’ biometric identifier information are covered under the law. This includes:- (a) places of entertainment, such as a theater, stadium, arena, racetrack, museum, amusement park, and observatory; (b)
- retail stores; and
- (c) food or drink establishments.




