Fake IDs may soon be a relic of the past, with businesses increasingly adopting digital age verification tools…
Fake IDs may soon be a relic of the past, with businesses increasingly adopting digital age verification tools. While using technology may be more accurate, it also raises serious privacy and data security concerns.
States like New York are among the first to regulate the use of biometric age verification. A proposed bill would allow establishments like bars and restaurants to rely on the technology, while imposing requirement for how biometric data must be handled.
Age Verification Goes Digital
Many different types of businesses are tasked with “age gating,” the process of asking website visitors to confirm that they are old enough to use the site’s products or services before continuing. Examples include sports betting sites, online alcohol retailers, gaming platforms, social media apps, and cannabis sellers. In many cases, users are simply required to enter their birthdate. Because nothing is done to verify the information provided by the website visitor, age gates are easy to get around.
When operating both online and in person, businesses are increasingly relying on high-tech solutions to conduct customer age verification. Some biometric systems require users to pre-enroll, which can generally be done through a mobile app. Amazon relies on palm recognition while CLEAR uses facial recognition. Both are being used in sports stadiums to allow patrons to bypass having to show their ID to purchase alcohol. In some stadiums, you can even order a beer directly to your seat.
Other age verification technologies don’t require users to submit any information, and instead use neural networks to estimate the age of the person looking at the screen at a checkout. For instance, a system called MyCheckr “takes an image of your face, analyzes that image, and returns whether or not you’re over the ‘challenge age,’” according to a recent Axios article.
New York Biometric Identity Verification Legislation
New York lawmakers are currently considering legislation that greenlights the use of biometric identity verification devices for the purchase of alcoholic beverages and tobacco products. According to sponsors, “Biometric age verification will help consumers and businesses by allowing people to enter their favorite establishments, or make alcohol or tobacco purchases quickly and without having to present photo identification, or even give their names and dates of birth.”
Senate Bill S6656 authorizes a licensee, its agent or employee to determine a person’s age when purchasing alcoholic beverages or tobacco products by use of a biometric identity verification device. It further amends § 1399-cc of the Public Health Law to include biometric age verification as an affirmative defense to the sale of tobacco products to an underage individual.
The legislation defines a “biometric identity verification device” as a “commercial device that instantly verifies the identity and age of a person by an electronic scan of a biometric of such person, via a fingerprint, iris image, facial image, or other biometric, which is referenced against any record described in the bill (license, passports, etc.), where 1.) the authenticity of the record was previously verified by an electronic authentication process, 2.) The identity of the record holder was previously verified through a commercially available knowledge based electronic authentication process, and 3.) The authenticated record was securely linked to biometrics contemporaneously collected from the verified record holder and stored on a centralized, highly secured, encrypted biometric database.
New York City’s Biometrics Law
New York City already regulate the collection of biometric data by commercial establishments.Under New York City’s biometric privacy ordinance, which took effect on July 9, 2021, businesses must post notices and signs at their doors informing customers how their data will be collected. Failing to comply with the notice requirement can result in costly penalties.
New York City’s biometric data privacy ordinance specifically requires any commercial establishment that collects, retains, converts, stores or shares biometric identifier information of customers to disclose such activity by placing a “clear and conspicuous” sign near all of the commercial establishment’s customer entrances. The disclosure must notify customers in “plain, simple language” that customers’ biometric identifier information is being collected, retained, converted, stored or shared, as applicable. New York City has provided a sample sign, which is available here: https://www.nyc.gov/assets/dca/downloads/pdf/businesses/Biometric-Identifier-Information-Disclosure-Sign.pdf
The ordinance also makes it “unlawful to sell, lease, trade, share in exchange for anything of value or otherwise profit from the transaction of biometric identifier information.” Notably, none of the categories of biometric identifier information are excluded from this requirement.
Much like the Illinois Biometric Information Privacy Act (BIPA), New York City’s biometric privacy ordinance establishes a private right of action. A prevailing party may recover damages of $500 for each violation of the notice requirement, as well as for each negligent violation of the prohibition of the sale/sharing of biometric data. For each intentional or reckless violation of the provision prohibiting the sale/sharing of biometric data, damages of $5,000 may be awarded. Courts are also authorized to award a prevailing party reasonable attorneys’ fees and costs, including expert witness fees and other litigation expenses.
Key Takeaway
Biometrics are increasingly being used for age verification. Like all new technology, it will take some time for regulators to catch up. We encourage businesses that elect to use biometric identity verification systems to work with experienced counsel to ensure that you are addressing any potential legal risks and obligations.
If you have questions, please contact us
If you have questions or if you would like to discuss the matter further, please contact me, Dan Brecher, or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.
Does Your Homeowners Insurance Provide Adequate Coverage?
Your home is likely your greatest asset, which is why it is so important to adequately protect it. Homeowners insurance protects you from the financial costs of unforeseen losses, such as theft, fire, and natural disasters, by helping you rebuild and replace possessions that were lost While the definition of “adequate” coverage depends upon a […]
Understanding the Importance of a Non-Contingent Offer
Making a non-contingent offer can dramatically increase your chances of securing a real estate transaction, particularly in competitive markets like New York City. However, buyers should understand that waiving contingencies, including those related to financing, or appraisals, also comes with significant risks. Determining your best strategy requires careful analysis of the property, the market, and […]
Fred D. Zemel Appointed Chair of Strategic Planning at Scarinci & Hollenbeck, LLC
Business Transactional Attorney Zemel to Spearhead Strategic Initiatives for Continued Growth and Innovation Little Falls, NJ – February 21, 2025 – Scarinci & Hollenbeck, LLC is pleased to announce that Partner Fred D. Zemel has been named Chair of the firm’s Strategic Planning Committee. In this role, Mr. Zemel will lead the committee in identifying, […]
Novation Agreement Process: Step-by-Step Guide for Businesses
Big changes sometimes occur during the life cycle of a contract. Cancelling a contract outright can be bad for your reputation and your bottom line. Businesses need to know how to best address a change in circumstances, while also protecting their legal rights. One option is to transfer the “benefits and the burdens” of a […]
What Is a Trade Secret? Key Elements and Legal Protections Explained
What is a trade secret and why you you protect them? Technology has made trade secret theft even easier and more prevalent. In fact, businesses lose billions of dollars every year due to trade secret theft committed by employees, competitors, and even foreign governments. But what is a trade secret? And how do you protect […]
What Is Title Insurance? Safeguarding Against Title Defects
If you are considering the purchase of a property, you may wonder — what is title insurance, do I need it, and why do I need it? Even seasoned property owners may question if the added expense and extra paperwork is really necessary, especially considering that people and entities insured by title insurance make fewer […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
What Businesses Need to Know About the Risks and Rewards of Biometric Age Verification
Author: Dan Brecher
Fake IDs may soon be a relic of the past, with businesses increasingly adopting digital age verification tools…
Fake IDs may soon be a relic of the past, with businesses increasingly adopting digital age verification tools. While using technology may be more accurate, it also raises serious privacy and data security concerns.
States like New York are among the first to regulate the use of biometric age verification. A proposed bill would allow establishments like bars and restaurants to rely on the technology, while imposing requirement for how biometric data must be handled.
Age Verification Goes Digital
Many different types of businesses are tasked with “age gating,” the process of asking website visitors to confirm that they are old enough to use the site’s products or services before continuing. Examples include sports betting sites, online alcohol retailers, gaming platforms, social media apps, and cannabis sellers. In many cases, users are simply required to enter their birthdate. Because nothing is done to verify the information provided by the website visitor, age gates are easy to get around.
When operating both online and in person, businesses are increasingly relying on high-tech solutions to conduct customer age verification. Some biometric systems require users to pre-enroll, which can generally be done through a mobile app. Amazon relies on palm recognition while CLEAR uses facial recognition. Both are being used in sports stadiums to allow patrons to bypass having to show their ID to purchase alcohol. In some stadiums, you can even order a beer directly to your seat.
Other age verification technologies don’t require users to submit any information, and instead use neural networks to estimate the age of the person looking at the screen at a checkout. For instance, a system called MyCheckr “takes an image of your face, analyzes that image, and returns whether or not you’re over the ‘challenge age,’” according to a recent Axios article.
New York Biometric Identity Verification Legislation
New York lawmakers are currently considering legislation that greenlights the use of biometric identity verification devices for the purchase of alcoholic beverages and tobacco products. According to sponsors, “Biometric age verification will help consumers and businesses by allowing people to enter their favorite establishments, or make alcohol or tobacco purchases quickly and without having to present photo identification, or even give their names and dates of birth.”
Senate Bill S6656 authorizes a licensee, its agent or employee to determine a person’s age when purchasing alcoholic beverages or tobacco products by use of a biometric identity verification device. It further amends § 1399-cc of the Public Health Law to include biometric age verification as an affirmative defense to the sale of tobacco products to an underage individual.
The legislation defines a “biometric identity verification device” as a “commercial device that instantly verifies the identity and age of a person by an electronic scan of a biometric of such person, via a fingerprint, iris image, facial image, or other biometric, which is referenced against any record described in the bill (license, passports, etc.), where 1.) the authenticity of the record was previously verified by an electronic authentication process, 2.) The identity of the record holder was previously verified through a commercially available knowledge based electronic authentication process, and 3.) The authenticated record was securely linked to biometrics contemporaneously collected from the verified record holder and stored on a centralized, highly secured, encrypted biometric database.
New York City’s Biometrics Law
New York City already regulate the collection of biometric data by commercial establishments.Under New York City’s biometric privacy ordinance, which took effect on July 9, 2021, businesses must post notices and signs at their doors informing customers how their data will be collected. Failing to comply with the notice requirement can result in costly penalties.
New York City’s biometric data privacy ordinance specifically requires any commercial establishment that collects, retains, converts, stores or shares biometric identifier information of customers to disclose such activity by placing a “clear and conspicuous” sign near all of the commercial establishment’s customer entrances. The disclosure must notify customers in “plain, simple language” that customers’ biometric identifier information is being collected, retained, converted, stored or shared, as applicable. New York City has provided a sample sign, which is available here: https://www.nyc.gov/assets/dca/downloads/pdf/businesses/Biometric-Identifier-Information-Disclosure-Sign.pdf
The ordinance also makes it “unlawful to sell, lease, trade, share in exchange for anything of value or otherwise profit from the transaction of biometric identifier information.” Notably, none of the categories of biometric identifier information are excluded from this requirement.
Much like the Illinois Biometric Information Privacy Act (BIPA), New York City’s biometric privacy ordinance establishes a private right of action. A prevailing party may recover damages of $500 for each violation of the notice requirement, as well as for each negligent violation of the prohibition of the sale/sharing of biometric data. For each intentional or reckless violation of the provision prohibiting the sale/sharing of biometric data, damages of $5,000 may be awarded. Courts are also authorized to award a prevailing party reasonable attorneys’ fees and costs, including expert witness fees and other litigation expenses.
Key Takeaway
Biometrics are increasingly being used for age verification. Like all new technology, it will take some time for regulators to catch up. We encourage businesses that elect to use biometric identity verification systems to work with experienced counsel to ensure that you are addressing any potential legal risks and obligations.
If you have questions, please contact us
If you have questions or if you would like to discuss the matter further, please contact me, Dan Brecher, or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
