Scarinci Hollenbeck, LLC
The Firm
201-896-4100 info@sh-law.comAre You Ready to Follow NYC’s Biometric Privacy Law?
Author: Scarinci Hollenbeck, LLC|June 18, 2021
New York City’s biometric privacy ordinance is slated to take effect on July 9, 2021...
Are You Ready to Follow NYC’s Biometric Privacy Law?
New York City’s biometric privacy ordinance is slated to take effect on July 9, 2021...
New York City’s biometric privacy ordinance is slated to take effect on July 9, 2021...
New York City’s biometric privacy ordinance is slated to take effect on July 9, 2021. The new law requires businesses to notify customers if they collect, retain, or share biometric information.
New York City’s Biometric Privacy Ordinance
Under New York City’s biometric privacy ordinance, any commercial establishment that collects, retains, converts, stores or shares biometric identifier information of customers must disclose such activity by placing a “clear and conspicuous” sign near all of the commercial establishment’s customer entrances. The disclosure must notify customers in “plain, simple language” that customers’ biometric identifier information is being collected, retained, converted, stored or shared, as applicable. The ordinance also makes it “unlawful to sell, lease, trade, share in exchange for anything of value or otherwise profit from the transaction of biometric identifier information.”
Applicability
New York’s City biometric privacy ordinance defines “biometric identifier information” as any “physiological or biological characteristic that is used by or on behalf of a commercial establishment, singly or in combination, to identify, or assist in identifying, an individual, including, but not limited to: (i) a retina or iris scan, (ii) a fingerprint or voiceprint, (iii) a scan of hand or face geometry, or any other identifying characteristic.”
The ordinance applies to the following commercial establishments:
- Food and drink establishment: An establishment that gives or offers for sale food or beverages to the public for consumption or use on or off the premises, or on or off a pushcart, stand or vehicle.
- Place of entertainment: Any privately or publicly owned and operated entertainment facility, such as a theater, stadium, arena, racetrack, museum, amusement park, observatory, or other place where attractions, performances, concerts, exhibits, athletic games or contests are held.
- Retail store: An establishment wherein consumer commodities are sold, displayed or offered for sale, or where services are provided to consumers at retail.
The ordinance expressly exempts financial institutions and government agents. Additionally, it does not apply to biometric identifier information collected through photographs or video recordings, if: (i) the images or videos collected are not analyzed by software or applications that identify, or that assist with the identification of, individuals based on physiological or biological characteristics, and (ii) the images or video are not shared with, sold or leased to third-parties other than law enforcement agencies.
Private Right of Action
The biometric privacy ordinance establishes a private right of action. At least 30 days prior to initiating any action against a commercial establishment for a violation of the notice requirement, the aggrieved person must provide written notice to the commercial establishment setting forth their allegation. If, within 30 days, the commercial establishment cures the violation and provides the aggrieved person an express written statement that the violation has been cured and that no further violations shall occur, no action may be initiated against the commercial establishment. If a commercial establishment continues to violate the ordinance, the aggrieved person may initiate an action. No prior written notice is required for actions alleging a violation of the provision prohibiting the sale/sharing of biometric data.
A prevailing party may recover damages of $500 for each violation of the notice requirement, as well as for each negligent violation of the prohibition of the sale/sharing of biometric data. For each intentional or reckless violation of the provision prohibiting the sale/sharing of biometric data, damages of $5,000 may be awarded. Courts are also authorized to award a prevailing party reasonable attorneys’ fees and costs, including expert witness fees and other litigation expenses.
Next Steps for New York Businesses
The compliance deadline for New York City’s biometric privacy ordinance is quickly approaching. We encourage businesses that are subject to its requirements — retail stores, restaurants, and entertainment venues — to review the data you collect from customers. If it includes biometric data, it is imperative to start taking steps to comply with the new law.
If you have questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact me, Maryam Meseha, or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.
Key Contacts
Are You Ready to Follow NYC’s Biometric Privacy Law?
Author: Scarinci Hollenbeck, LLC
New York City’s biometric privacy ordinance is slated to take effect on July 9, 2021...
New York City’s biometric privacy ordinance is slated to take effect on July 9, 2021. The new law requires businesses to notify customers if they collect, retain, or share biometric information.
New York City’s Biometric Privacy Ordinance
Under New York City’s biometric privacy ordinance, any commercial establishment that collects, retains, converts, stores or shares biometric identifier information of customers must disclose such activity by placing a “clear and conspicuous” sign near all of the commercial establishment’s customer entrances. The disclosure must notify customers in “plain, simple language” that customers’ biometric identifier information is being collected, retained, converted, stored or shared, as applicable. The ordinance also makes it “unlawful to sell, lease, trade, share in exchange for anything of value or otherwise profit from the transaction of biometric identifier information.”
Applicability
New York’s City biometric privacy ordinance defines “biometric identifier information” as any “physiological or biological characteristic that is used by or on behalf of a commercial establishment, singly or in combination, to identify, or assist in identifying, an individual, including, but not limited to: (i) a retina or iris scan, (ii) a fingerprint or voiceprint, (iii) a scan of hand or face geometry, or any other identifying characteristic.”
The ordinance applies to the following commercial establishments:
- Food and drink establishment: An establishment that gives or offers for sale food or beverages to the public for consumption or use on or off the premises, or on or off a pushcart, stand or vehicle.
- Place of entertainment: Any privately or publicly owned and operated entertainment facility, such as a theater, stadium, arena, racetrack, museum, amusement park, observatory, or other place where attractions, performances, concerts, exhibits, athletic games or contests are held.
- Retail store: An establishment wherein consumer commodities are sold, displayed or offered for sale, or where services are provided to consumers at retail.
The ordinance expressly exempts financial institutions and government agents. Additionally, it does not apply to biometric identifier information collected through photographs or video recordings, if: (i) the images or videos collected are not analyzed by software or applications that identify, or that assist with the identification of, individuals based on physiological or biological characteristics, and (ii) the images or video are not shared with, sold or leased to third-parties other than law enforcement agencies.
Private Right of Action
The biometric privacy ordinance establishes a private right of action. At least 30 days prior to initiating any action against a commercial establishment for a violation of the notice requirement, the aggrieved person must provide written notice to the commercial establishment setting forth their allegation. If, within 30 days, the commercial establishment cures the violation and provides the aggrieved person an express written statement that the violation has been cured and that no further violations shall occur, no action may be initiated against the commercial establishment. If a commercial establishment continues to violate the ordinance, the aggrieved person may initiate an action. No prior written notice is required for actions alleging a violation of the provision prohibiting the sale/sharing of biometric data.
A prevailing party may recover damages of $500 for each violation of the notice requirement, as well as for each negligent violation of the prohibition of the sale/sharing of biometric data. For each intentional or reckless violation of the provision prohibiting the sale/sharing of biometric data, damages of $5,000 may be awarded. Courts are also authorized to award a prevailing party reasonable attorneys’ fees and costs, including expert witness fees and other litigation expenses.
Next Steps for New York Businesses
The compliance deadline for New York City’s biometric privacy ordinance is quickly approaching. We encourage businesses that are subject to its requirements — retail stores, restaurants, and entertainment venues — to review the data you collect from customers. If it includes biometric data, it is imperative to start taking steps to comply with the new law.
If you have questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact me, Maryam Meseha, or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.
Firm News & Press Releases
Scarinci & Hollenbeck, LLC Ranked by Best Law Firms® in 2025
Angela Turiano to Serve as Mock Arbitrator for Fordham Law Securities Arbitration Clinic
Scarinci & Hollenbeck, LLC Welcomes Six Talented Attorneys to Boost Litigation, Public, and Real Estate Law Practice Groups
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.