The bill, according to Rep. Dylan Fernandes, would prevent companies from sharing customers’ data without their consent as a way to protect individuals from financial, physical or reputational harm.
Examples of actions that the legislation would punish include selling customer data to third parties, scanning data to discriminate against customers or using data in a way that would legally impact a customer’s financial status, housing or employment situation.
“I’ve seen similar bills,” Fernandes said, “but this one is different because it places regulations on companies to ensure that they don’t actively harm or engage in unfair client practices by using facial recognition data in a harmful way.”
To enforce the regulations, he said, the bill would allow citizens to submit a complaint to the attorney general’s office. Once the complaint is reviewed, the office could either ask the company to pay a fine of no more than $5,000 for each violation or defer the issue to a court that would decide what is rightfully owed to the impacted individuals.
“This bill gives the AG’s office regulation drafting and enforcement authority over facial recognition technology and data,” a spokesperson from the office said via email. “In these instances, this work would fall within an already established bureau or division within the office, likely on the civil side.”
However, the spokesperson added that “since the bill has not passed yet, it’s too early to predict which division or bureau would handle this at this specific time.”
Fernandes believes the aims of the bill "should have become law years ago."
"Our face defines who we are and how society sees us," he said. "There is a lot of room for abuse and mismanagement in terms of the collection and use of facial recognition technology.”
The American Civil Liberties Union of Massachusetts voiced a similar message about the bill, highlighting the need for accountability.
“Biometric surveillance technologies like facial recognition give government entities and corporations unprecedented power to track who we are, where we go, what we do and who we know,” Kade Crockford, director of the Technology for Liberty Program at the ACLU of Massachusetts, said via email. “In order to maintain control over one's personal life, we must be able to control our own sensitive data, including our biometric information. No corporation should be able to collect our biometric data without our affirmative, opt-in consent.”