Privacy & Information Security Law Blog

On March 12, 2020, the Washington State Legislature passed SB 6280, which establishes safeguards for the use of facial recognition technology by state and local government agencies. Its stated goal is to allow the use of facial recognition services in ways that benefit society, but prohibit uses that put freedoms and civil liberties at risk.

SB 6280 requires any state or local government agency intending to use a facial recognition service to file a notice of intent for the service and specify a purpose for which the technology will be used. It also requires the production of an “accountability report” that, among other things, provides:

• A description of the service and its proposed use;
• The type of data the service uses and how that data is generated, collected and processed;
• A clear use and data management policy, which must include measures taken to minimize inadvertent collection of data, data integrity and retention policies, applicable data security measures, whether the agency intends to share data, and the agency’s training procedures for use of the service;
• Information on the service’s rate of false matches;
• A description detailing any potential impact of the service on civil rights and liberties; and
• Procedures for receiving feedback from affected individuals.

The accountability report is subject to a public review and comment period and community consultation meetings, and must be clearly communicated to the public at least 90 days prior to the implementation of the facial recognition service.

The law also requires:

• That any decisions made by the facial recognition service that produce legal effects concerning individuals are subject to meaningful human review;
• Testing in operational conditions of facial recognition technology that produces legal effects on individuals prior to deployment;
• Testing for accuracy and unfair performance across distinct subpopulations defined by characteristics such as race, skin tone, ethnicity, gender, age or disability status, and mitigation of unfair performance resulting from that testing;
• Training of all individuals who operate a facial recognition service;
• Disclosure of the use of a facial recognition service on a criminal defendant prior to trial;
• Retention of records of use of a facial recognition service;
• Judges to report when warrants for use of a facial recognition services were granted or denied; and
• The establishment of a facial recognition task force to provide recommendations addressing the potential abuses and threats posed by the use of facial recognition services and the adequacy and effectiveness of Washington state laws.

The law prohibits:

• The use of a facial recognition service for ongoing surveillance, real-time identification or persistent tracking without a warrant, exigent circumstances or a court order;
• The application of facial recognition services on an individual based on characteristics such as religious, political or social views or race, ethnicity or citizenship; and
• The use of a facial recognition service as the sole basis to establish probable cause in a criminal investigation.