What to Know
- Currently biometric data like facial scans are not considered private under New York state law
- The proposed SHIELD Act would install tough new data security requirements for companies like Facebook that use biometric data
- Bi-monthly ethics disclosures show that Facebook was actively lobbying on the SHIELD Act going back to last fall
Lobbying records uncovered by the I-Team show Facebook has repeatedly listed the New York SHIELD Act as one of the bills upon which it seeks to influence Albany lawmakers.
The SHIELD Act is a proposed reform that would classify biometric data -- including facial scans -– as private information in New York. Currently, biometric data is not considered private under state law, and companies that collect biometrics -- like finger print scans, retina scans, and facial scans -- don’t have to tell if hackers breach their datasets.
The SHIELD Act, now before the state legislature, would install tough new data security requirements for companies like Facebook that collect and use scans of facial features.
“To me, and I think to a lot of people, I would consider my biometric information my most private data,” said New York Attorney General Eric Schneiderman. “Right now, if you walk into a store and they’re scanning your faces and putting it in a database, it is really tough to take any sort of legal action about that.”
Schneiderman is urging Albany lawmakers to pass the SHIELD Act. But even as he pushes hard for the reform, Facebook lobbyists have sought to flex their muscle on the bill. Bi-monthly ethics disclosures show the social network was actively lobbying on the SHIELD Act going back to last fall.
Facebook sent the I-Team an email saying the company is reviewing the bill and the company’s lobbying efforts were aimed at provisions in the bill that do not pertain to biometric data. The email went on to say Facebook looks forward to continued discussions to help protect New Yorkers’ personal information.
Genevieve Grdina, a Facebook spokeswoman, said the company’s face recognition technology, which Facebook calls “tag suggest,” goes a long way to protect privacy because it is a feature from which users can easily opt out.
“Our tag suggest feature has been available since 2010, and we have always been very up-front about how it works. We also give people the tools to easily turn off tag suggest, which deletes any data we used to suggest you in a photo tag,” Grdina said.
Just this week, a federal judge allowed a group of Illinois Facebook users to proceed with a class action lawsuit against Facebook under that state’s Biometric Information Privacy Act. In their complaint, they say Facebook violated the 2008 Illinois law because it requires companies get a “written release” before collecting a person’s biometric information - including her or his “face geometry.”
In court filings, Facebook responded by saying its tag suggest feature does not actually violate the Illinois law – because it doesn’t use face geometry as defined by the law. Lawyers for Facebook also insist social media users provide all the necessary consent for facial recognition - when they sign up and agree to the social network terms of service.
Unlike Illinois’ Biometric Information Privacy Act, the New York SHIELD Act would not specifically require companies obtain written consent before collecting biometric data. Despite that, the bill’s sponsor, Sen. David Carlucci (D-Rockland), said he admires what Illinois lawmakers have done to give social media users more control.
“I think Illinois is on the right track,” Carlucci said. “We’re in a society where there are pictures taken of us all the time. Our biometric data has become more and more important so it is something we have to protect.”
After this story was originally published, a Facebook spokesperson confirmed the company met with Attorney General Schneiderman's staff and Facebook now supports the SHIELD Act.
The bill will be considered by the State Senate and Assembly when lawmakers return to Albany this spring.