The state of Virginia recently enacted a law banning local law enforcement and campus police departments from using facial recognition technology. Facial recognition technology is defined as an “electronic system for enrolling, capturing, extracting, comparing, and matching an individual’s geometric facial data to identify individuals in photos, videos, or real time.” The law states that no local law enforcement agency shall purchase or deploy facial recognition technology unless such purchase or deployment of such technology is expressly authorized by statute. The law further states that such statute shall require that any facial recognition technology purchased or deployed by the local law-enforcement agency be maintained under the exclusive control of such local law-enforcement agency and that any data contained by such facial recognition technology be kept confidential, not be disseminated or resold, and be accessible only by a search warrant.

The law does not apply to commercial use at airports. Some cities, including San Francisco, have banned facial recognition technology by law enforcement. According to the National Council of State Legislators, California, New Hampshire, and Oregon have placed restrictions on the use of facial recognition technology in police body cameras. Other states (Texas and Florida) as well as the FBI continue to use facial recognition technology. The Congressional Research Service issued a report last year on federal law enforcement agencies’ use of facial recognition technology, which also included information on the privacy and security of such technology and the National Institute of Standards and Technology’s (NIST) work in this area. We will be watching as other states and municipalities join the debate on this technology.

Photo of Deborah George Deborah George

Deborah George is a member of Robinson+Cole’s Business Litigation Group as well as its Data Privacy + Cybersecurity Team. Ms. George advises clients on and focuses her practice on data privacy and security, cybersecurity, and compliance with related state and federal laws. She…

Deborah George is a member of Robinson+Cole’s Business Litigation Group as well as its Data Privacy + Cybersecurity Team. Ms. George advises clients on and focuses her practice on data privacy and security, cybersecurity, and compliance with related state and federal laws. She also has experience providing counsel in civil litigation and employment law matters. She has significant experience offering advice and counsel on legal issues related to human services agencies, including Medicaid, as well as drafting and reviewing contracts, business associate agreements, and data use agreements. Read her full rc.com bio here.