Baltimore recently prohibited several uses of “face surveillance” technology.  Under the new law companies cannot use systems that identify or verify individuals based on their face.  The law also prohibits saving information gathered from these systems.  Getting an individual’s consent is not a way around the prohibition. Nor is promising not to connect information gathered with other personal information.

There is an important exception that many companies will find useful. Namely, the law permits facial recognition technologies that are used to give access to specific locations or devices.  Some are concerned that the law is overly restrictive. It applies to both people and companies, and does not have standard exceptions like research.  Coding projects that scan and use data of the researchers’ own faces would thus be a violation.

Violations of the law are misdemeanors that can result in a 12-month prison term and/or a $1,000 fine.  The law went into effect on September 8, 2021 and automatically expires on December 31, 2022.  The city council can extend the bill for another five years if it determines that the law remains in the public interest.

Putting it Into Practice: Organizations with operations in Baltimore will want to review their use of facial recognition technology.  While using the tools for accessing locations or services is acceptable, use beyond this is prohibited.