Maryland Legislators Once Again Push for a BIPA-Style Biometric Privacy Bill

For the second year in a row, amidst a wave of biometric lawsuits in other states, Maryland legislators have introduced a new biometric privacy law mimicking the Illinois Biometric Information Privacy Act (BIPA). In 2021, a similar proposed law (HB 0218) failed to make it past committee hearings and was withdrawn by its sole sponsor, Maryland House Delegate Sara Love. In contrast, its reincarnated version from 2022 garnered support from a number of delegates in both the Maryland House and Senate (HB 0259 cross-filed as SB 335, referred to as the Biometric Identifiers Privacy Act). The Maryland Senate Finance Committee held a hearing on SB 335 on February 9, 2022, but no vote was taken. One day later, in a letter published by the Baltimore Sun, Delegate Love and Delegate Brian Feldman stated their case for the bill, arguing that Maryland must set limits on the collection and use of biometric identifiers. The letter touched on current societal issues, citing the use of biometric identifiers in wrongful arrests, racial discrimination, and arguing that Maryland's lack of legislation on the matter constituted a "danger to all of [Maryland citizens] core constitutional rights." The proposed bill would regulate the use of biometric identifiers by private entities, including by requiring certain private entities in possession of biometric identifiers to develop a policy, made available to the public, establishing a retention schedule and destruction guidelines for biometric identifiers; and authorizing an individual alleging a violation of the Act to bring a civil action against the offending private entity. If the bill passes, Maryland will join Texas, Illinois, and Washington in passing a state-wide biometric privacy law. The City of Baltimore has passed Ordinance 21-038, which prohibits the use of facial surveillance technology and imposes criminal penalties under certain circumstances. It remains to be seen if other states will also adopt their own biometric privacy laws. However, in light of this growing trend, companies are advised to carefully consider whether biometric data is necessary for their anticipated business functions and if so, ensure compliance with these laws across the United States to ensure compliance across the board with existing and anticipated laws.