Privacy & Information Security Law Blog

On September 9, 2020, Portland, Oregon became the first jurisdiction in the country to ban the private-sector use of facial recognition technology in public places within the city, including stores, restaurants and hotels. The city Ordinance was unanimously passed by the Portland City Council and will take effect on January 1, 2021. The City Council cited as rationale for the Ordinance documented instances of gender and racial bias in facial recognition technology, and the fact that marginalized communities have been subject to “over surveillance and [the] disparate and detrimental impact of the use of surveillance.”

Beginning January 1, 2021, “private entities” will be prohibited from using “face recognition technologies” in “places of public accommodation” within Portland, except (1) to the extent necessary to comply with federal, state or local laws; (2) for user verification purposes to access the user’s own personal or employer-issued communication and electronic devices; or (3) in automatic face detection services in social media applications.

The Ordinance provides for a private right of action for damages sustained as a result of a private entity’s material violation of the Ordinance, or $1,000 per day for each day of the violation, whichever amount is greater, as well as other remedies as may be appropriate.

The Ordinance uses the following defined terms:

• “Face Recognition”: “the automated searching for a reference image in an image repository by comparing the facial features of a probe image with the features of images contained in an image repository (one-to-many search). A face recognition search will typically result in one or more most likely candidates—or candidate images—ranked by computer-evaluated similarity or will return a negative result.”
• “Face Recognition Technologies”: “automated or semi-automated processes using Face Recognition that assist in identifying, verifying, detecting, or characterizing facial features of an individual or capturing information about an individual based on an individual's face.”
• “Places of Public Accommodation”: “any place  or  service  offering  to  the  public  accommodations, advantages, facilities, or privileges whether in the nature of goods, services, lodgings, amusements, transportation or otherwise,” but does not include “an institution, bona fide club, private residence, or place of accommodation that is in its nature distinctly private.”
• “Private Entity”: “any individual, sole proprietorship, partnership, corporation, limited liability company, association, or any other legal entity, however organized,” but does not include any government agency.

The City Council also passed a separate ordinance banning the use of facial recognition technology by the city government (including local police), joining cities such as Boston and San Francisco that have similar ordinances.