The following has special meaning:
green underline denotes added text
red struck out text denotes deleted text
Powered by State Net
2020 MD S 476
Author: Sydnor
Version: Introduced
Version Date: 01/29/2020

SENATE BILL 476

By: Senator Sydnor

Introduced and read first time: January 29, 2020

Assigned to: Finance

A BILL ENTITLED

AN ACT concerning

Facial Recognition Privacy Protection Act

FOR the purpose of establishing certain requirements and certain prohibited actions relating to the provision of facial recognition services by certain persons under certain circumstances; requiring certain persons to provide certain notice whenever a facial recognition service is deployed in a certain premises and, except under certain circumstances, obtain certain consent from an individual before enrolling an image of a facial template of the individual in a facial recognition service; requiring certain users of facial recognition services to ensure that certain decisions are subject to a certain review; requiring certain users of facial recognition services to perform certain testing of the services and provide certain training to certain individuals; prohibiting certain persons from knowingly disclosing certain data except under certain circumstances; establishing certain rights and authorizing certain individuals to exercise those rights in a certain manner; requiring certain persons to comply with certain requests; requiring certain persons to assist certain persons in responding to certain requests; requiring certain persons to provide to certain individuals, within a certain time period and in a certain manner, certain information about certain action or inaction taken on certain requests under certain circumstances; authorizing certain persons to request certain information from certain individuals for a certain purpose; granting certain authority to the Office of the Attorney General to enforce certain provisions of this Act; establishing that certain violators of certain provisions of this Act may be subject to an injunction and certain penalties; requiring certain governmental units to produce and update certain reports at certain intervals through a certain process; requiring certain governmental units to communicate certain information to the public by certain deadlines, post certain reports on certain websites, and submit certain reports to the Department of Information Technology; prohibiting certain governmental units from using facial recognition services under certain circumstances and for certain purposes; prohibiting certain governmental units from applying a facial recognition service to an individual on certain bases; requiring certain governmental units to disclose the use of facial recognition services to certain individuals in a certain manner under certain circumstances; requiring certain governmental units to maintain certain records; requiring certain judges to report certain information to the Court of Appeals on or before a certain date each year; declaring certain findings of the General Assembly; defining certain terms; providing for the effect and construction of this Act; and generally relating to facial recognition services.

BY adding to

Article - Commercial Law

Section 14-4201 through 14-4207 to be under the new subtitle "Subtitle 42. Facial Recognition Services"

Annotated Code of Maryland

(2013 Replacement Volume and 2019 Supplement)

BY adding to

Article - State Government

Section 10-1701 through 10-1709 to be under the new subtitle "Subtitle 17. Facial Recognition Services"

Annotated Code of Maryland

(2014 Replacement Volume and 2019 Supplement)

SECTION 1. BE IT ENACTED BY THE GENERAL ASSEMBLY OF MARYLAND, That the Laws of Maryland read as follows:

Article - Commercial Law

SUBTITLE 42. FACIAL RECOGNITION SERVICES.

14-4201.

(A) IN THIS SUBTITLE THE FOLLOWING WORDS HAVE THE MEANINGS INDICATED.

(B) (1) "CONSENT" MEANS A CLEAR AFFIRMATIVE ACT SIGNIFYING A FREELY GIVEN, SPECIFIC, INFORMED, AND UNAMBIGUOUS INDICATION OF AN INDIVIDUAL'S AGREEMENT TO THE PROCESSING OF PERSONAL DATA RELATING TO THE INDIVIDUAL.

(2) "CONSENT" INCLUDES AN ACT SIGNIFIED THROUGH THE USE OF A WRITTEN STATEMENT, WHETHER OR NOT THE STATEMENT IS PROVIDED THROUGH ELECTRONIC MEANS.

(C) (1) "CONTROLLER" MEANS A PERSON THAT, ALONE OR JOINTLY WITH OTHERS, DETERMINES THE PURPOSE AND MEANS OF THE PROCESSING OF PERSONAL DATA.

(2) "CONTROLLER" DOES NOT INCLUDE A UNIT.

(D) (1) "ENROLL" MEANS THE PROCESS BY WHICH A FACIAL RECOGNITION SERVICE CREATES A FACIAL TEMPLATE FROM ONE OR MORE IMAGES OF AN INDIVIDUAL AND ADDS THE FACIAL TEMPLATE TO A GALLERY USED BY THE FACIAL RECOGNITION SERVICE FOR RECOGNITION OR PERSISTENT TRACKING OF INDIVIDUALS.

(2) "ENROLL" INCLUDES THE ACT OF ADDING AN EXISTING FACIAL TEMPLATE DIRECTLY INTO A GALLERY USED BY A FACIAL RECOGNITION SERVICE.

(E) "FACIAL RECOGNITION SERVICE" MEANS TECHNOLOGY THAT ANALYZES FACIAL FEATURES AND IS USED FOR RECOGNITION OR PERSISTENT TRACKING OF INDIVIDUALS IN STILL OR VIDEO IMAGES.

(F) "FACIAL TEMPLATE" MEANS THE MACHINE - INTERPRETABLE PATTERN OF FACIAL FEATURES THAT IS EXTRACTED FROM ONE OR MORE IMAGES OF AN INDIVIDUAL BY A FACIAL RECOGNITION SERVICE.

(G) "IDENTIFIED OR IDENTIFIABLE INDIVIDUAL" MEANS AN INDIVIDUAL WHO CAN BE READILY IDENTIFIED, DIRECTLY OR INDIRECTLY, IN PARTICULAR BY REFERENCE TO AN IDENTIFIER, INCLUDING A NAME, AN IDENTIFICATION NUMBER, SPECIFIC GEOLOCATION DATA, OR AN ONLINE IDENTIFIER.

(H) "MEANINGFUL HUMAN REVIEW" MEANS REVIEW OR OVERSIGHT BY ONE OR MORE INDIVIDUALS WHO:

(1) ARE TRAINED IN ACCORDANCE WITH § 14-4204 OF THIS SUBTITLE; AND

(2) HAVE THE AUTHORITY TO ALTER THE DECISION UNDER REVIEW.

(I) "PERSISTENT TRACKING" MEANS THE USE OF A FACIAL RECOGNITION SERVICE BY A CONTROLLER TO TRACK THE MOVEMENTS OF AN INDIVIDUAL:

(1) WITHOUT USING THE FACIAL RECOGNITION SERVICE FOR RECOGNITION OF THAT INDIVIDUAL; AND

(2) ON A PERSISTENT BASIS THAT BEGINS AS SOON AS THE CONTROLLER:

(I) MAINTAINS THE FACIAL TEMPLATE OR UNIQUE IDENTIFIER THAT ALLOWS THE TRACKING FOR MORE THAN 48 HOURS AFTER THE TEMPLATE OR IDENTIFIER IS FIRST CREATED; OR

(II) LINKS THE DATA CREATED BY THE FACIAL RECOGNITION SERVICE TO ANY OTHER DATA, INCLUDING PURCHASE OR PAYMENT DATA, IN A MANNER THAT RESULTS IN THE INDIVIDUAL WHO HAS BEEN TRACKED BEING IDENTIFIED OR IDENTIFIABLE.

(J) (1) "PERSONAL DATA" MEANS ANY INFORMATION THAT IS LINKED OR REASONABLY LINKABLE TO AN IDENTIFIED OR IDENTIFIABLE INDIVIDUAL.

(2) "PERSONAL DATA" DOES NOT INCLUDE DE - IDENTIFIED DATA OR PUBLICLY AVAILABLE INFORMATION THAT IS LAWFULLY MADE AVAILABLE FROM FEDERAL, STATE, OR LOCAL GOVERNMENT RECORDS.

(K) "PROCESS" MEANS ANY COLLECTION, USE, STORAGE, DISCLOSURE, ANALYSIS, DELETION, OR MODIFICATION OF PERSONAL DATA.

(L) (1) "PROCESSOR" MEANS A PERSON THAT PROCESSES PERSONAL DATA ON BEHALF OF A CONTROLLER.

(2) "PROCESSOR" DOES NOT INCLUDE A UNIT.

(M) "RECOGNITION" MEANS THE USE OF A FACIAL RECOGNITION SERVICE BY A CONTROLLER TO PREDICT WHETHER AN UNKNOWN INDIVIDUAL MATCHES ANY INDIVIDUAL OR A SPECIFIC INDIVIDUAL WHO HAS BEEN ENROLLED IN A GALLERY USED BY THE FACIAL RECOGNITION SERVICE.

(N) "SECURITY OR SAFETY PURPOSE " MEANS PHYSICAL SECURITY, SAFETY, FRAUD PREVENTION, OR ASSET PROTECTION.

(O) "UNIT" HAS THE MEANING STATED IN § 10-1301 OF THE STATE GOVERNMENT ARTICLE.

14-4202.

THIS SUBTITLE APPLIES ONLY TO LEGAL ENTITIES THAT CONDUCT BUSINESS IN THE STATE OR PRODUCE PRODUCTS OR SERVICES THAT ARE TARGETED TO RESIDENTS OF THE STATE.

14-4203.

THE GENERAL ASSEMBLY FINDS THAT:

(1) THE USE OF FACIAL RECOGNITION SERVICES BY THE PRIVATE SECTOR CAN PRESENT RISKS TO PRIVACY, DEMOCRATIC FREEDOMS, AND CIVIL LIBERTIES THAT SHOULD BE CONSIDERED AND ADDRESSED;

(2) FACIAL RECOGNITION TECHNOLOGY CAN BE USED IN A VARIETY OF BENEFICIAL WAYS, INCLUDING FOR IMPROVING SECURITY, PROVIDING INDIVIDUALS WITH EFFICIENT IDENTIFICATION EXPERIENCES, LOCATING MISSING OR INCAPACITATED INDIVIDUALS, IDENTIFYING VICTIMS OF CRIME, AND KEEPING THE PUBLIC SAFE; AND

(3) IT IS NECESSARY TO ESTABLISH SAFEGUARDS THAT WILL ALLOW INDUSTRY TO USE FACIAL RECOGNITION SERVICES IN WAYS THAT BENEFIT SOCIETY WHILE PROHIBITING USES THAT THREATEN THE PRIVACY, DEMOCRATIC FREEDOMS, AND CIVIL LIBERTIES OF INDIVIDUALS IN THE STATE.

14-4204.

(A) (1) (I) EACH PROCESSOR THAT PROVIDES A FACIAL RECOGNITION SERVICE SHALL MAKE AVAILABLE AN APPLICATION PROGRAMMING INTERFACE OR OTHER TECHNICAL CAPABILITY, CHOSEN BY THE PROCESSOR, TO ENABLE A CONTROLLER OR THIRD PARTY TO CONDUCT LEGITIMATE, INDEPENDENT, AND REASONABLE TESTS OF THE FACIAL RECOGNITION SERVICE FOR ACCURACY AND UNFAIR PERFORMANCE DIFFERENCES ACROSS DISTINCT SUBPOPULATIONS.

(II) FOR THE PURPOSES OF SUBPARAGRAPH (I) OF THIS PARAGRAPH, SUBPOPULATIONS MAY BE DEFINED BY RACE, SKIN TONE, ETHNICITY, GENDER, AGE, DISABILITY STATUS, OR OTHER PROTECTED CHARACTERISTIC THAT IS OBJECTIVELY DETERMINABLE OR SELF-IDENTIFIED BY THE INDIVIDUALS PORTRAYED IN THE TESTING DATASET.

(2) A PROCESSOR SHALL DEVELOP AND IMPLEMENT A PLAN TO MITIGATE ANY IDENTIFIED MATERIAL UNFAIR PERFORMANCE DIFFERENCES REGARDING A FACIAL RECOGNITION SERVICE PROVIDED BY THE PROCESSOR IF:

(I) THE DIFFERENCE WAS IDENTIFIED AS A RESULT OF INDEPENDENT TESTING;

(II) THE RESULTS OF THE INDEPENDENT TESTING WERE DISCLOSED DIRECTLY TO THE PROCESSOR; AND

(III) THE PROCESSOR DETERMINES, BY ACTING REASONABLY, THAT THE METHODOLOGY AND RESULT OF THE INDEPENDENT TESTING ARE VALID.

(3) THIS SUBSECTION DOES NOT PREVENT A PROCESSOR FROM PROHIBITING THE USE OF THE FACIAL RECOGNITION SERVICE OF THE PROCESSOR BY A COMPETITOR FOR COMPETITIVE PURPOSES.

(B) EACH PROCESSOR THAT PROVIDES A FACIAL RECOGNITION SERVICE SHALL PROVIDE DOCUMENTATION TO AN INDEPENDENT TESTER THAT INCLUDES GENERAL INFORMATION THAT:

(1) EXPLAINS THE CAPABILITIES AND LIMITATIONS OF THE FACIAL RECOGNITION SERVICE IN PLAIN LANGUAGE; AND

(2) ENABLES TESTING OF THE FACIAL RECOGNITION SERVICE IN ACCORDANCE WITH THIS SECTION.

(C) IN THE CONTRACT UNDER WHICH A CONTROLLER IS AUTHORIZED TO USE THE FACIAL RECOGNITION SERVICE PROVIDED BY A PROCESSOR, THE PROCESSOR SHALL PROHIBIT THE USE OF THE FACIAL RECOGNITION SERVICE BY THE CONTROLLER TO UNLAWFULLY DISCRIMINATE UNDER FEDERAL OR STATE LAW AGAINST INDIVIDUALS OR GROUPS OF INDIVIDUALS.

(D) A CONTROLLER SHALL PROVIDE A CONSPICUOUS AND CONTEXTUALLY APPROPRIATE NOTICE WHENEVER A FACIAL RECOGNITION SERVICE IS DEPLOYED IN A PHYSICAL PREMISES OPEN TO THE PUBLIC THAT, AT A MINIMUM, INCLUDES:

(1) THE PURPOSE FOR WHICH THE FACIAL RECOGNITION SERVICE IS DEPLOYED; AND

(2) INFORMATION ABOUT HOW AN INDIVIDUAL CAN OBTAIN ADDITIONAL INFORMATION ABOUT THE FACIAL RECOGNITION SERVICE, INCLUDING A LINK TO ANY APPLICABLE ONLINE NOTICE, TERMS, OR POLICY THAT PROVIDES INFORMATION ABOUT HOW AN INDIVIDUAL CAN EXERCISE ANY RIGHTS THAT THE INDIVIDUAL HAS WITH RESPECT TO THE FACIAL RECOGNITION SERVICE.

(E) EXCEPT AS PROVIDED IN SUBSECTION (F) OF THIS SECTION, A CONTROLLER SHALL OBTAIN CONSENT FROM AN INDIVIDUAL BEFORE ENROLLING AN IMAGE OR A FACIAL TEMPLATE OF THE INDIVIDUAL IN A FACIAL RECOGNITION SERVICE USED IN A PHYSICAL PREMISES OPEN TO THE PUBLIC.

(F) A CONTROLLER MAY ENROLL AN IMAGE OR A FACIAL TEMPLATE OF AN INDIVIDUAL IN A FACIAL RECOGNITION SERVICE FOR A SECURITY OR SAFETY PURPOSE WITHOUT FIRST OBTAINING CONSENT FROM THE INDIVIDUAL IF:

(1) THE CONTROLLER HOLDS A REASONABLE SUSPICION, BASED ON A SPECIFIC INCIDENT, THAT THE INDIVIDUAL HAS ENGAGED IN CRIMINAL ACTIVITY, INCLUDING SHOPLIFTING, FRAUD, STALKING, OR DOMESTIC VIOLENCE;

(2) ANY DATABASE USED BY THE FACIAL RECOGNITION SERVICE FOR RECOGNITION, VERIFICATION, OR PERSISTENT TRACKING OF INDIVIDUALS FOR A SECURITY OR SAFETY PURPOSE IS USED SOLELY FOR THAT PURPOSE AND IS MAINTAINED SEPARATELY FROM ANY OTHER DATABASES MAINTAINED BY THE CONTROLLER;

(3) THE CONTROLLER REVIEWS ANY DATABASE DESCRIBED IN ITEM (2) OF THIS SUBSECTION AT LEAST EVERY 6 MONTHS TO REMOVE FACIAL TEMPLATES OF INDIVIDUALS WITH RESPECT TO WHOM THE CONTROLLER NO LONGER HOLDS A REASONABLE SUSPICION THAT THE INDIVIDUAL HAS ENGAGED IN CRIMINAL ACTIVITY, OR THAT ARE MORE THAN 3 YEARS OLD; AND

(4) THE CONTROLLER ESTABLISHES AN INTERNAL PROCESS WHEREBY AN INDIVIDUAL MAY CORRECT OR CHALLENGE THE DECISION TO ENROLL THE IMAGE OF THE INDIVIDUAL IN THE FACIAL RECOGNITION SERVICE FOR A SECURITY OR SAFETY PURPOSE.

(G) (1) EACH CONTROLLER THAT USES A FACIAL RECOGNITION SERVICE TO MAKE DECISIONS THAT PRODUCE LEGAL OR SIMILARLY SIGNIFICANT EFFECTS CONCERNING INDIVIDUALS SHALL ENSURE THAT THE DECISIONS ARE SUBJECT TO MEANINGFUL HUMAN REVIEW.

(2) FOR THE PURPOSE OF PARAGRAPH (1) OF THIS SUBSECTION, DECISIONS THAT PRODUCE LEGAL OR SIMILARLY SIGNIFICANT EFFECTS CONCERNING INDIVIDUALS INCLUDE THE DENIAL OF CONSEQUENTIAL SERVICES OR SUPPORT, INCLUDING FINANCIAL AND LENDING SERVICES, HOUSING, INSURANCE, EDUCATION ENROLLMENT, CRIMINAL JUSTICE, EMPLOYMENT OPPORTUNITIES, HEALTH CARE SERVICES, AND ACCESS TO FOOD, WATER, AND OTHER BASIC NECESSITIES.

(H) (1) BEFORE DEPLOYING A FACIAL RECOGNITION SERVICE IN THE CONTEXT IN WHICH IT WILL BE USED, A CONTROLLER SHALL TEST THE FACIAL RECOGNITION SERVICE IN OPERATIONAL CONDITIONS.

(2) EACH CONTROLLER SHALL TAKE COMMERCIALLY REASONABLE STEPS TO ENSURE BEST - QUALITY RESULTS IN OPERATIONAL CONDITIONS BY FOLLOWING ALL REASONABLE GUIDANCE PROVIDED BY THE DEVELOPER OF THE FACIAL RECOGNITION SERVICE.

(I) (1) EACH CONTROLLER USING A FACIAL RECOGNITION SERVICE SHALL CONDUCT PERIODIC TRAINING OF ALL INDIVIDUALS WHO OPERATE THE FACIAL RECOGNITION SERVICE OR WHO PROCESS PERSONAL DATA OBTAINED FROM THE USE OF THE FACIAL RECOGNITION SERVICE.

(2) THE TRAINING REQUIRED UNDER THIS SUBSECTION SHALL INCLUDE COVERAGE OF:

(I) THE CAPABILITIES AND LIMITATIONS OF THE FACIAL RECOGNITION SERVICE;

(II) PROCEDURES TO INTERPRET AND ACT ON THE OUTPUT OF THE FACIAL RECOGNITION SERVICE; AND

(III) TO THE EXTENT APPLICABLE TO THE DEPLOYMENT CONTEXT, THE MEANINGFUL HUMAN REVIEW REQUIREMENT FOR DECISIONS THAT PRODUCE LEGAL OR SIMILARLY SIGNIFICANT EFFECTS CONCERNING INDIVIDUALS.

(J) A CONTROLLER MAY NOT KNOWINGLY DISCLOSE PERSONAL DATA OBTAINED FROM A FACIAL RECOGNITION SERVICE TO A LAW ENFORCEMENT AGENCY UNLESS THE DISCLOSURE IS:

(1) MADE ACCORDING TO THE CONSENT OF THE INDIVIDUAL TO WHOM THE PERSONAL DATA RELATES;

(2) REQUIRED BY FEDERAL, STATE, OR LOCAL LAW IN RESPONSE TO A COURT ORDER, COURT-ORDERED WARRANT, SUBPOENA OR SUMMONS ISSUED BY A JUDICIAL OFFICER, OR GRAND JURY SUBPOENA;

(3) MADE BASED ON A GOOD FAITH BELIEF BY THE CONTROLLER THAT THE DISCLOSURE IS NECESSARY TO PREVENT OR RESPOND TO AN EMERGENCY INVOLVING DANGER OF DEATH OR SERIOUS PHYSICAL INJURY TO ANY INDIVIDUAL; OR

(4) MADE TO THE NATIONAL CENTER FOR MISSING AND EXPLOITED CHILDREN IN CONNECTION WITH A REPORT SUBMITTED UNDER 18 U.S.C. § 2258A.

14-4205.

(A) (1) AN INDIVIDUAL MAY EXERCISE THE RIGHTS ESTABLISHED UNDER THIS SECTION BY SUBMITTING A REQUEST, AT ANY TIME, TO A CONTROLLER SPECIFYING WHICH RIGHTS THE INDIVIDUAL WISHES TO EXERCISE.

(2) EXCEPT AS OTHERWISE PROVIDED UNDER THIS SUBTITLE, A CONTROLLER SHALL COMPLY WITH A REQUEST SUBMITTED UNDER PARAGRAPH (1) OF THIS SUBSECTION.

(3) A PROCESSOR SHALL ASSIST A CONTROLLER BY APPROPRIATE TECHNICAL AND ORGANIZATIONAL MEASURES, TO THE EXTENT PRACTICABLE, FOR THE FULFILLMENT OF THE CONTROLLER 'S OBLIGATION TO RESPOND TO AN INDIVIDUAL'S REQUEST TO EXERCISE THE INDIVIDUAL'S RIGHTS UNDER THIS SECTION.

(B) AN INDIVIDUAL HAS THE RIGHT TO CONFIRM WHETHER OR NOT A CONTROLLER HAS ENROLLED AN IMAGE OR A FACIAL TEMPLATE OF THE INDIVIDUAL IN A FACIAL RECOGNITION SERVICE USED IN A PHYSICAL PREMISES OPEN TO THE PUBLIC.

(C) AN INDIVIDUAL HAS THE RIGHT TO CORRECT OR CHALLENGE A DECISION TO ENROLL AN IMAGE OR A FACIAL TEMPLATE OF THE INDIVIDUAL IN A FACIAL RECOGNITION SERVICE USED FOR A SECURITY OR SAFETY PURPOSE IN A PHYSICAL PREMISES OPEN TO THE PUBLIC.

(D) AN INDIVIDUAL HAS THE RIGHT TO HAVE AN IMAGE OR A FACIAL TEMPLATE OF THE INDIVIDUAL THAT HAS BEEN ENROLLED IN A FACIAL RECOGNITION SERVICE USED IN A PHYSICAL PREMISES OPEN TO THE PUBLIC REMOVED UNLESS:

(1) THE IMAGE OR FACIAL TEMPLATE IS USED FOR A SECURITY OR SAFETY PURPOSE; AND

(2) THE CONTROLLER HAS MET THE CONDITIONS LISTED UNDER § 14-4204(F) OF THIS SUBTITLE.

(E) AN INDIVIDUAL HAS THE RIGHT TO WITHDRAW CONSENT TO ENROLL AN IMAGE OR A FACIAL TEMPLATE OF THE INDIVIDUAL IN A FACIAL RECOGNITION SERVICE USED IN A PHYSICAL PREMISE OPEN TO THE PUBLIC.

(F) (1) (I) SUBJECT TO SUBPARAGRAPH (II) OF THIS PARAGRAPH, WITHIN 30 DAYS AFTER RECEIVING A REQUEST MADE UNDER SUBSECTION (A)(1) OF THIS SECTION AND WITHOUT UNDUE DELAY, A CONTROLLER SHALL INFORM THE INDIVIDUAL OF ANY ACTION TAKEN ON THE REQUEST.

(II) THE 30-DAY PERIOD ESTABLISHED UNDER SUBPARAGRAPH (I) OF THIS PARAGRAPH MAY BE EXTENDED BY AN ADDITIONAL 60 DAYS IF THE COMPLEXITY AND NUMBER OF THE REQUESTS MAKE THE EXTENSION REASONABLY NECESSARY.

(III) THE CONTROLLER SHALL INFORM THE INDIVIDUAL MAKING THE REQUEST OF:

1. ANY EXTENSION NEEDED BY THE CONTROLLER UNDER SUBPARAGRAPH (II) OF THIS PARAGRAPH WITHIN 30 DAYS AFTER RECEIPT OF THE REQUEST; AND

2. THE REASONS THAT MAKE THE EXTENSION NECESSARY.

(2) IF A CONTROLLER DOES NOT TAKE ACTION ON A REQUEST MADE UNDER SUBSECTION (A)(1) OF THIS SECTION, WITHIN 30 DAYS AFTER THE RECEIPT OF THE REQUEST AND WITHOUT UNDUE DELAY, THE CONTROLLER SHALL INFORM THE INDIVIDUAL OF THE REASONS FOR NOT TAKING ACTION.

(3) (I) EXCEPT AS PROVIDED IN SUBPARAGRAPH (II) OF THIS PARAGRAPH, A CONTROLLER MAY NOT CHARGE AN INDIVIDUAL FOR ANY INFORMATION PROVIDED UNDER THIS SECTION.

(II) IF REQUESTS FROM AN INDIVIDUAL UNDER SUBSECTION (A)(1) OF THIS SECTION ARE MANIFESTLY UNFOUNDED OR EXCESSIVE, IN PARTICULAR BECAUSE OF THE REPETITIVE CHARACTER OF THE REQUESTS, THE CONTROLLER MAY EITHER:

1. CHARGE A REASONABLE FEE TO COVER THE ADMINISTRATIVE COSTS OF COMPLYING WITH THE REQUEST; OR

2. REFUSE TO ACT ON THE REQUEST.

(III) THE CONTROLLER BEARS THE BURDEN OF DEMONSTRATING THE MANIFESTLY UNFOUNDED OR EXCESSIVE CHARACTER OF THE REQUEST.

(4) (I) A CONTROLLER IS NOT REQUIRED TO COMPLY WITH A REQUEST MADE UNDER SUBSECTION (A)(1) OF THIS SECTION IF THE CONTROLLER IS UNABLE TO DETERMINE, USING COMMERCIALLY REASONABLE EFFORTS, THAT THE REQUEST IS BEING MADE BY THE INDIVIDUAL WHO IS ENTITLED TO EXERCISE THE RIGHTS UNDER THIS SECTION.

(II) IF A CONTROLLER IS UNABLE TO MAKE THE DETERMINATION UNDER SUBPARAGRAPH (I) OF THIS PARAGRAPH, THE CONTROLLER MAY REQUEST THAT THE INDIVIDUAL MAKING THE REQUEST PROVIDE ADDITIONAL INFORMATION REASONABLY NECESSARY TO DETERMINE THAT THE INDIVIDUAL IS ENTITLED TO EXERCISE THE RIGHTS UNDER THIS SECTION.

14-4206.

THE OBLIGATIONS IMPOSED ON CONTROLLERS AND PROCESSORS UNDER THIS SUBTITLE DO NOT RESTRICT THE ABILITY OF A CONTROLLER OR PROCESSOR TO:

(1) COMPLY WITH FEDERAL, STATE, OR LOCAL LAWS AND REGULATIONS;

(2) COMPLY WITH A CIVIL, CRIMINAL, OR REGULATORY INQUIRY, INVESTIGATION, SUBPOENA, OR SUMMONS BY FEDERAL, STATE, LOCAL, OR OTHER GOVERNMENTAL AUTHORITIES; AND

(3) INVESTIGATE, ESTABLISH, EXERCISE, PREPARE FOR, OR DEFEND LEGAL CLAIMS.

14-4207.

(A) THE OFFICE OF THE ATTORNEY GENERAL HAS EXCLUSIVE AUTHORITY TO ENFORCE THIS SUBTITLE BY BRINGING AN ACTION IN THE NAME OF THE STATE, OR AS PARENS PATRIAE ON BEHALF OF INDIVIDUALS RESIDING IN THE STATE, TO ENFORCE THIS SUBTITLE.

(B) A CONTROLLER OR PROCESSOR THAT VIOLATES THIS SUBTITLE MAY BE SUBJECT TO AN INJUNCTION AND LIABLE FOR A CIVIL PENALTY OF:

(1) FOR EACH UNINTENTIONAL VIOLATION, NOT MORE THAN $2,500; AND

(2) FOR EACH INTENTIONAL VIOLATION, $7,500.

Article - State Government

SUBTITLE 17. FACIAL RECOGNITION SERVICES.

10-1701.

(A) IN THIS SUBTITLE THE FOLLOWING WORDS HAVE THE MEANINGS INDICATED.

(B) "ACCOUNTABILITY REPORT" MEANS A REPORT PRODUCED IN ACCORDANCE WITH § 10-1703 OF THIS SUBTITLE.

(C) (1) "ENROLL" MEANS THE PROCESS BY WHICH A FACIAL RECOGNITION SERVICE CREATES A FACIAL TEMPLATE FROM ONE OR MORE IMAGES OF AN INDIVIDUAL AND ADDS THE FACIAL TEMPLATE TO A GALLERY USED BY THE FACIAL RECOGNITION SERVICE FOR RECOGNITION OR PERSISTENT TRACKING OF INDIVIDUALS.

(2) "ENROLL" INCLUDES THE ACT OF ADDING AN EXISTING FACIAL TEMPLATE DIRECTLY INTO A GALLERY USED BY A FACIAL RECOGNITION SERVICE.

(D) "FACIAL RECOGNITION SERVICE" MEANS TECHNOLOGY THAT ANALYZES FACIAL FEATURES AND IS USED FOR RECOGNITION OR PERSISTENT TRACKING OF INDIVIDUALS IN STILL OR VIDEO IMAGES.

(E) "FACIAL TEMPLATE" MEANS THE MACHINE - INTERPRETABLE PATTERN OF FACIAL FEATURES THAT IS EXTRACTED FROM ONE OR MORE IMAGES OF AN INDIVIDUAL BY A FACIAL RECOGNITION SERVICE.

(F) "IDENTIFIED OR IDENTIFIABLE INDIVIDUAL" MEANS AN INDIVIDUAL WHO CAN BE READILY IDENTIFIED, DIRECTLY OR INDIRECTLY, IN PARTICULAR BY REFERENCE TO AN IDENTIFIER, INCLUDING A NAME, AN IDENTIFICATION NUMBER, SPECIFIC GEOLOCATION DATA, OR AN ONLINE IDENTIFIER.

(G) "MEANINGFUL HUMAN REVIEW" MEANS REVIEW OR OVERSIGHT BY ONE OR MORE INDIVIDUALS WHO:

(1) ARE TRAINED IN ACCORDANCE WITH § 10-1707 OF THIS SUBTITLE; AND

(2) HAVE THE AUTHORITY TO ALTER THE DECISION UNDER REVIEW.

(H) (1) "ONGOING SURVEILLANCE" MEANS TRACKING THE PHYSICAL MOVEMENTS OF A SPECIFIED INDIVIDUAL THROUGH ONE OR MORE PUBLIC PLACES OVER TIME, WHETHER IN REAL TIME OR THROUGH THE APPLICATION OF A FACIAL RECOGNITION SERVICE TO HISTORICAL RECORDS.

(2) "ONGOING SURVEILLANCE" DOES NOT INCLUDE A SINGLE RECOGNITION OR ATTEMPTED RECOGNITION OF AN INDIVIDUAL IF NO ATTEMPT IS MADE TO SUBSEQUENTLY TRACK THE INDIVIDUAL'S MOVEMENTS OVER TIME AFTER THE INDIVIDUAL HAS BEEN RECOGNIZED.

(I) "PERSISTENT TRACKING" MEANS THE USE OF A FACIAL RECOGNITION SERVICE BY A UNIT TO TRACK THE MOVEMENTS OF AN INDIVIDUAL:

(1) WITHOUT USING THE FACIAL RECOGNITION SERVICE FOR RECOGNITION OF THAT INDIVIDUAL; AND

(2) ON A PERSISTENT BASIS THAT BEGINS AS SOON AS THE UNIT:

(I) MAINTAINS THE FACIAL TEMPLATE OR UNIQUE IDENTIFIER THAT ALLOWS THE TRACKING FOR MORE THAN 48 HOURS AFTER THE TEMPLATE OR IDENTIFIER IS FIRST CREATED; OR

(II) LINKS THE DATA CREATED BY THE FACIAL RECOGNITION SERVICE TO ANY OTHER DATA, INCLUDING PURCHASE OR PAYMENT DATA, IN A MANNER THAT RESULTS IN THE INDIVIDUAL WHO HAS BEEN TRACKED BEING IDENTIFIED OR IDENTIFIABLE.

(J) (1) "PERSONAL DATA" MEANS ANY INFORMATION THAT IS LINKED OR REASONABLY LINKABLE TO AN IDENTIFIED OR IDENTIFIABLE INDIVIDUAL.

(2) "PERSONAL DATA" DOES NOT INCLUDE DE-IDENTIFIED DATA OR PUBLICLY AVAILABLE INFORMATION THAT IS LAWFULLY MADE AVAILABLE FROM FEDERAL, STATE, OR LOCAL GOVERNMENT RECORDS.

(K) "PROCESS" MEANS ANY COLLECTION, USE, STORAGE, DISCLOSURE, ANALYSIS, DELETION, OR MODIFICATION OF PERSONAL DATA.

(L) "RECOGNITION" MEANS THE USE OF A FACIAL RECOGNITION SERVICE BY A UNIT TO PREDICT WHETHER AN UNKNOWN INDIVIDUAL MATCHES ANY INDIVIDUAL OR A SPECIFIC INDIVIDUAL WHO HAS BEEN ENROLLED IN A GALLERY USED BY THE FACIAL RECOGNITION SERVICE.

(M) "SERIOUS CRIMINAL OFFENSE" MEANS:

(1) A SERIOUS OFFENSE AS DEFINED IN § 16-101 OF THE CRIMINAL PROCEDURE ARTICLE; OR

(2) AN OFFENSE ENUMERATED UNDER 18 U.S.C. § 2516.

(N) "UNIT" HAS THE MEANING STATED IN § 10-1301 OF THIS TITLE.

10-1702.

THE GENERAL ASSEMBLY FINDS THAT:

(1) THE USE OF FACIAL RECOGNITION SERVICES BY UNITS OF STATE AND LOCAL GOVERNMENT CAN PRESENT RISKS TO PRIVACY, DEMOCRATIC FREEDOMS, AND CIVIL LIBERTIES THAT SHOULD BE CONSIDERED AND ADDRESSED;

(2) FACIAL RECOGNITION TECHNOLOGY CAN BE USED IN A VARIETY OF BENEFICIAL WAYS, INCLUDING FOR IMPROVING SECURITY, PROVIDING INDIVIDUALS WITH EFFICIENT IDENTIFICATION EXPERIENCES, LOCATING MISSING OR INCAPACITATED INDIVIDUALS, IDENTIFYING VICTIMS OF CRIME, AND KEEPING THE PUBLIC SAFE; AND

(3) IT IS NECESSARY TO ESTABLISH SAFEGUARDS THAT WILL ALLOW GOVERNMENT TO USE FACIAL RECOGNITION SERVICES IN WAYS THAT BENEFIT SOCIETY WHILE PROHIBITING USES THAT THREATEN THE PRIVACY, DEMOCRATIC FREEDOMS, AND CIVIL LIBERTIES OF INDIVIDUALS IN THE STATE.

10-1703.

(A) (1) EACH UNIT USING OR INTENDING TO DEVELOP, PROCURE, OR USE A FACIAL RECOGNITION SERVICE SHALL PRODUCE AN ACCOUNTABILITY REPORT FOR THE FACIAL RECOGNITION SERVICE.

(2) EACH UNIT SHALL:

(I) CLEARLY COMMUNICATE THE ACCOUNTABILITY REPORT TO THE PUBLIC:

1. AT LEAST 90 DAYS BEFORE THE UNIT PUTS THE FACIAL RECOGNITION SERVICE INTO OPERATIONAL USE; OR

2. FOR A FACIAL RECOGNITION SERVICE IN USE ON OCTOBER 1, 2020, ON OR BEFORE JANUARY 1, 2021;

(II) POST THE ACCOUNTABILITY REPORT ON THE PUBLIC WEBSITE OF THE UNIT; AND

(III) SUBMIT THE ACCOUNTABILITY REPORT TO THE DEPARTMENT OF INFORMATION TECHNOLOGY.

(3) THE DEPARTMENT OF INFORMATION TECHNOLOGY SHALL POST EACH SUBMITTED ACCOUNTABILITY REPORT ON ITS PUBLIC WEBSITE.

(B) EACH ACCOUNTABILITY REPORT SHALL INCLUDE, AT A MINIMUM, IN CLEAR AND UNDERSTANDABLE LANGUAGE, THE FOLLOWING INFORMATION:

(1) (I) THE NAME, VENDOR, AND VERSION OF THE FACIAL RECOGNITION SERVICE; AND

(II) A DESCRIPTION OF THE GENERAL CAPABILITIES AND LIMITATIONS OF THE FACIAL RECOGNITION SERVICE, INCLUDING REASONABLY FORESEEABLE CAPABILITIES OUTSIDE THE SCOPE OF THE PROPOSED USE OF THE UNIT;

(2) (I) THE TYPE OR TYPES OF DATA INPUTS THAT THE FACIAL RECOGNITION SERVICE USES WHEN IT IS DEPLOYED;

(II) HOW THE DATA THAT THE FACIAL RECOGNITION SERVICE USES IS GENERATED, COLLECTED, AND PROCESSED; AND

(III) THE TYPE OR TYPES OF DATA THE FACIAL RECOGNITION SERVICE IS REASONABLY LIKELY TO GENERATE;

(3) A DESCRIPTION OF THE PURPOSE AND PROPOSED USE OF THE FACIAL RECOGNITION SERVICE, INCLUDING:

(I) WHAT DECISIONS DATA FROM THE FACIAL RECOGNITION SERVICE WILL BE USED TO MAKE OR SUPPORT;

(II) WHETHER DATA FROM THE FACIAL RECOGNITION SERVICE WILL BE USED TO SUPPORT A DECISION OR AS THE SOLE BASIS FOR MAKING A DECISION; AND

(III) THE INTENDED BENEFITS OF THE USE OF THE FACIAL RECOGNITION SERVICE, INCLUDING ANY DATA OR RESEARCH DEMONSTRATING THE INTENDED BENEFITS;

(4) A USE AND DATA MANAGEMENT POLICY, INCLUDING PROTOCOLS FOR:

(I) HOW AND WHEN THE FACIAL RECOGNITION SERVICE WILL BE DEPLOYED OR USED AND BY WHOM, INCLUDING:

1. THE FACTORS THAT WILL BE USED TO DETERMINE WHERE, WHEN, AND HOW THE FACIAL RECOGNITION SERVICE IS DEPLOYED, AND OTHER RELEVANT INFORMATION, INCLUDING WHETHER THE FACIAL RECOGNITION SERVICE WILL BE OPERATED CONTINUOUSLY OR USED ONLY UNDER SPECIFIC CIRCUMSTANCES; AND

2. IF THE FACIAL RECOGNITION SERVICE WILL BE OPERATED OR USED BY ANOTHER ENTITY ON THE UNIT'S BEHALF, A DESCRIPTION OF THE OTHER ENTITY'S ACCESS TO THE FACIAL RECOGNITION SERVICE AND ANY APPLICABLE PROTOCOLS;

(II) ANY MEASURES TAKEN TO MINIMIZE INADVERTENT COLLECTION OF ADDITIONAL DATA BEYOND THE AMOUNT NECESSARY FOR THE SPECIFIC PURPOSE FOR WHICH THE FACIAL RECOGNITION SERVICE WILL BE USED;

(III) DATA INTEGRITY AND RETENTION POLICIES APPLICABLE TO THE DATA COLLECTED USING THE FACIAL RECOGNITION SERVICE, INCLUDING:

1. HOW THE UNIT WILL MAINTAIN AND UPDATE RECORDS USED IN CONNECTION WITH THE FACIAL RECOGNITION SERVICE;

2. HOW LONG THE UNIT WILL KEEP THE DATA; AND

3. THE PROCESS THAT WILL BE USED TO DELETE THE DATA;

(IV) ANY ADDITIONAL RULES THAT WILL GOVERN THE USE OF THE FACIAL RECOGNITION SERVICE AND WHAT PROCESSES WILL BE REQUIRED BEFORE EACH USE OF THE FACIAL RECOGNITION SERVICE;

(V) 1. DATA SECURITY MEASURES APPLICABLE TO THE FACIAL RECOGNITION SERVICE, INCLUDING MEASURES FOR THE SECURE STORAGE AND ACCESS OF DATA COLLECTED USING THE FACIAL RECOGNITION SERVICE;

2. WHETHER THE UNIT INTENDS TO SHARE ACCESS TO THE FACIAL RECOGNITION SERVICE OR THE DATA FROM THE FACIAL RECOGNITION SERVICE WITH ANY OTHER ENTITY AND, IF SO, THE REASON FOR SHARING ACCESS; AND

3. THE RULES AND PROCEDURES BY WHICH A UNIT SHARING DATA WITH ANY OTHER ENTITY WILL ENSURE THAT THE OTHER ENTITY COMPLIES WITH THE UNIT'S USE AND DATA MANAGEMENT POLICY AS PART OF THE DATA SHARING AGREEMENT; AND

(VI) THE UNIT'S TRAINING PROCEDURES, INCLUDING:

1. PROCEDURES IMPLEMENTED IN ACCORDANCE WITH § 10-1707 OF THIS SUBTITLE; AND

2. HOW THE UNIT WILL ENSURE THAT ALL PERSONNEL WHO OPERATE THE FACIAL RECOGNITION SERVICE OR ACCESS ITS DATA ARE KNOWLEDGEABLE ABOUT AND ABLE TO ENSURE COMPLIANCE WITH THE USE AND DATA MANAGEMENT POLICY BEFORE USE OF THE FACIAL RECOGNITION SERVICE;

(5) THE UNIT'S TESTING PROCEDURES, INCLUDING THE UNIT'S PROCESSES FOR PERIODICALLY UNDERTAKING OPERATIONAL TESTS OF THE FACIAL RECOGNITION SERVICE IN ACCORDANCE WITH § 10-1706 OF THIS SUBTITLE;

(6) A DESCRIPTION OF ANY POTENTIAL IMPACTS OF THE FACIAL RECOGNITION SERVICE ON CIVIL RIGHTS AND LIBERTIES, INCLUDING:

(I) POTENTIAL IMPACTS ON PRIVACY AND POTENTIAL DISPARATE IMPACTS ON MARGINALIZED COMMUNITIES; AND

(II) THE SPECIFIC STEPS THE UNIT WILL TAKE TO MITIGATE THE POTENTIAL IMPACTS AND PREVENT UNAUTHORIZED USE OF THE FACIAL RECOGNITION SERVICE; AND

(7) THE UNIT'S PROCEDURES FOR RECEIVING FEEDBACK, INCLUDING THE METHODS USED FOR RECEIVING FEEDBACK FROM INDIVIDUALS AFFECTED BY THE USE OF THE FACIAL RECOGNITION SERVICE AND FROM THE COMMUNITY AT LARGE, AS WELL AS THE PROCEDURES FOR RESPONDING TO THE FEEDBACK.

(C) BEFORE FINALIZING AND IMPLEMENTING THE ACCOUNTABILITY REPORT, THE UNIT SHALL CONSIDER ISSUES RAISED BY THE PUBLIC THROUGH:

(1) A PUBLIC REVIEW AND COMMENT PERIOD; AND

(2) COMMUNITY CONSULTATION MEETINGS DURING THE PUBLIC REVIEW PERIOD.

(D) (1) SUBJECT TO PARAGRAPH (2) OF THIS SUBSECTION, EACH UNIT SHALL UPDATE THE UNIT'S ACCOUNTABILITY REPORT EVERY 2 YEARS.

(2) EACH UPDATE SHALL BE SUBJECT TO THE PUBLIC COMMENT AND COMMUNITY CONSULTATION MEETINGS REQUIREMENTS DESCRIBED IN SUBSECTION (C) OF THIS SECTION.

(E) A UNIT SEEKING TO USE A FACIAL RECOGNITION SERVICE FOR A PURPOSE NOT DISCLOSED IN THE UNIT'S MOST RECENT ACCOUNTABILITY REPORT SHALL FIRST SEEK PUBLIC COMMENT AND COMMUNITY CONSULTATION ON THE PROPOSED NEW USE AND ADOPT AN UPDATED ACCOUNTABILITY REPORT IN ACCORDANCE WITH THE REQUIREMENTS OF THIS SECTION.

10-1704.

(A) EACH UNIT USING A FACIAL RECOGNITION SERVICE SHALL PREPARE AND PUBLISH AN ANNUAL REPORT THAT DISCLOSES:

(1) THE EXTENT OF THE UNIT'S USE OF THE FACIAL RECOGNITION SERVICE;

(2) AN ASSESSMENT OF COMPLIANCE WITH THE TERMS OF THE UNIT'S ACCOUNTABILITY REPORT;

(3) ANY KNOWN OR REASONABLY SUSPECTED VIOLATIONS OF THE UNIT'S ACCOUNTABILITY REPORT, INCLUDING COMPLAINTS ALLEGING VIOLATIONS; AND

(4) ANY REVISIONS TO THE UNIT'S ACCOUNTABILITY REPORT RECOMMENDED BY THE UNIT FOR THE NEXT UPDATE OF THE REPORT.

(B) EACH UNIT SHALL SUBMIT THE ANNUAL REPORT REQUIRED UNDER SUBSECTION (A) OF THIS SECTION TO THE DEPARTMENT OF INFORMATION TECHNOLOGY.

(C) EACH UNIT SHALL HOLD A COMMUNITY MEETING TO REVIEW AND DISCUSS THE ANNUAL REPORT REQUIRED UNDER SUBSECTION (A) OF THIS SECTION WITHIN 60 DAYS BEFORE THE REPORT IS SUBMITTED UNDER SUBSECTION (B) OF THIS SECTION.

10-1705.

(A) EACH UNIT THAT USES A FACIAL RECOGNITION SERVICE TO MAKE DECISIONS THAT PRODUCE LEGAL OR SIMILARLY SIGNIFICANT EFFECTS CONCERNING INDIVIDUALS SHALL ENSURE THAT THE DECISIONS ARE SUBJECT TO MEANINGFUL HUMAN REVIEW.

(B) FOR THE PURPOSE OF SUBSECTION (A) OF THIS SECTION, DECISIONS THAT PRODUCE LEGAL OR SIMILARLY SIGNIFICANT EFFECTS CONCERNING INDIVIDUALS INCLUDE DENIAL OF CONSEQUENTIAL SERVICES OR SUPPORT, INCLUDING FINANCIAL AND LENDING SERVICES, HOUSING, INSURANCE, EDUCATION ENROLLMENT, CRIMINAL JUSTICE, EMPLOYMENT OPPORTUNITIES, HEALTH CARE SERVICES, AND ACCESS TO FOOD, WATER, AND OTHER BASIC NECESSITIES.

10-1706.

(A) BEFORE A UNIT DEPLOYS A FACIAL RECOGNITION SERVICE IN THE CONTEXT IN WHICH IT WILL BE USED AND SUBJECT TO SUBSECTION (B) OF THIS SECTION, THE UNIT SHALL TEST THE FACIAL RECOGNITION SERVICE IN OPERATIONAL CONDITIONS.

(B) THE UNIT SHALL TAKE REASONABLE STEPS TO:

(1) ENSURE BEST - QUALITY RESULTS IN OPERATIONAL CONDITIONS BY FOLLOWING ALL REASONABLE GUIDANCE PROVIDED BY THE DEVELOPER OF THE FACIAL RECOGNITION SERVICE; AND

(2) MITIGATE ANY MATERIAL UNFAIR PERFORMANCE DIFFERENCES ACROSS SUBPOPULATIONS.

10-1707.

(A) EACH UNIT THAT USES A FACIAL RECOGNITION SERVICE SHALL CONDUCT PERIODIC TRAINING OF ALL INDIVIDUALS WHO OPERATE THE FACIAL RECOGNITION SERVICE OR WHO PROCESS PERSONAL DATA OBTAINED FROM THE USE OF THE FACIAL RECOGNITION SERVICE.

(B) THE TRAINING REQUIRED UNDER THIS SECTION SHALL INCLUDE COVERAGE OF:

(1) THE CAPABILITIES AND LIMITATIONS OF THE FACIAL RECOGNITION SERVICE;

(2) PROCEDURES TO INTERPRET AND ACT ON THE OUTPUT OF THE FACIAL RECOGNITION SERVICE; AND

(3) TO THE EXTENT APPLICABLE TO THE DEPLOYMENT CONTEXT, THE MEANINGFUL HUMAN REVIEW REQUIREMENT FOR DECISIONS THAT PRODUCE LEGAL OR SIMILARLY SIGNIFICANT EFFECTS CONCERNING INDIVIDUALS.

10-1708.

(A) A UNIT MAY NOT USE A FACIAL RECOGNITION SERVICE TO ENGAGE IN ONGOING SURVEILLANCE UNLESS:

(1) THE USE IS IN SUPPORT OF LAW ENFORCEMENT ACTIVITIES;

(2) THE USE MAY PROVIDE EVIDENCE OF A SERIOUS CRIMINAL OFFENSE; AND

(3) (I) A SEARCH WARRANT HAS BEEN OBTAINED TO AUTHORIZE THE USE OF THE FACIAL RECOGNITION SERVICE FOR ONGOING SURVEILLANCE; OR

(II) IF THE UNIT REASONABLY DETERMINES THAT ONGOING SURVEILLANCE IS NECESSARY TO PREVENT OR RESPOND TO AN EMERGENCY INVOLVING IMMINENT DANGER OR RISK OF DEATH OR SERIOUS PHYSICAL INJURY TO AN INDIVIDUAL, WRITTEN APPROVAL IS OBTAINED FROM THE HEAD OF THE UNIT, OR THE HEAD'S DESIGNEE, BEFORE USING THE FACIAL RECOGNITION SERVICE AND A SEARCH WARRANT IS SUBSEQUENTLY OBTAINED WITHIN 48 HOURS AFTER THE ONGOING SURVEILLANCE BEGINS.

(B) (1) A UNIT MAY NOT APPLY A FACIAL RECOGNITION SERVICE TO ANY INDIVIDUAL BASED ON THE INDIVIDUAL'S RELIGIOUS, POLITICAL, OR SOCIAL VIEWS OR ACTIVITIES, PARTICIPATION IN A PARTICULAR NONCRIMINAL ORGANIZATION OR LAWFUL EVENT, OR ACTUAL OR PERCEIVED RACE, ETHNICITY, CITIZENSHIP, PLACE OF ORIGIN, AGE, DISABILITY, GENDER, GENDER IDENTITY, SEXUAL ORIENTATION, OR OTHER CHARACTERISTIC PROTECTED BY LAW.

(2) THE PROHIBITION ESTABLISHED UNDER PARAGRAPH (1) OF THIS SUBSECTION DOES NOT PROHIBIT A UNIT FROM APPLYING A FACIAL RECOGNITION SERVICE TO AN INDIVIDUAL WHO HAPPENS TO POSSESS ONE OR MORE OF THE CHARACTERISTICS DESCRIBED UNDER PARAGRAPH (1) OF THIS SUBSECTION IF AN OFFICER OF THE UNIT HOLDS A REASONABLE SUSPICION THAT THE INDIVIDUAL HAS COMMITTED, IS COMMITTING, OR IS ABOUT TO COMMIT A SERIOUS CRIMINAL OFFENSE.

(C) A UNIT MAY NOT USE A FACIAL RECOGNITION SERVICE TO CREATE A RECORD DESCRIBING ANY INDIVIDUAL'S EXERCISE OF RIGHTS GUARANTEED BY THE FIRST AMENDMENT OF THE U.S. CONSTITUTION OR BY THE MARYLAND DECLARATION OF RIGHTS UNLESS:

(1) THE USE IS SPECIFICALLY AUTHORIZED BY APPLICABLE LAW AND RELATES TO AND IS WITHIN THE SCOPE OF AN AUTHORIZED LAW ENFORCEMENT ACTIVITY; AND

(2) THERE IS REASONABLE SUSPICION TO BELIEVE THE INDIVIDUAL HAS COMMITTED, IS COMMITTING, OR IS ABOUT TO COMMIT A SERIOUS CRIMINAL OFFENSE.

10-1709.

(A) IF A UNIT IS USING A FACIAL RECOGNITION SERVICE ON A CRIMINAL DEFENDANT, THE UNIT SHALL DISCLOSE THE USE TO THE CRIMINAL DEFENDANT IN A TIMELY MANNER BEFORE TRIAL.

(B) EACH UNIT USING A FACIAL RECOGNITION SERVICE SHALL MAINTAIN RECORDS OF ITS USE OF THE FACIAL RECOGNITION SERVICE THAT ARE SUFFICIENT TO FACILITATE PUBLIC REPORTING AND AUDITING OF COMPLIANCE WITH THE APPLICABLE ACCOUNTABILITY REPORT.

(C) ON OR BEFORE JANUARY 31 EACH YEAR, EACH JUDGE WHO HAS ISSUED A WARRANT FOR ONGOING SURVEILLANCE USING A FACIAL RECOGNITION SERVICE OR AN EXTENSION OF A WARRANT FOR ONGOING SURVEILLANCE USING A FACIAL RECOGNITION SERVICE THAT EXPIRED DURING THE IMMEDIATELY PRECEDING CALENDAR YEAR, OR WHO HAS DENIED APPROVAL OF A REQUEST FOR A WARRANT FOR ONGOING SURVEILLANCE USING A FACIAL RECOGNITION SERVICE DURING THE IMMEDIATELY PRECEDING CALENDAR YEAR, SHALL REPORT TO THE COURT OF APPEALS:

(1) THAT THE WARRANT OR EXTENSION WAS APPLIED FOR;

(2) THAT THE WARRANT OR EXTENSION WAS GRANTED AS APPLIED FOR, WAS MODIFIED, OR WAS DENIED;

(3) IF THE WARRANT WAS GRANTED, THE PERIOD FOR WHICH THE ONGOING SURVEILLANCE WAS AUTHORIZED BY THE WARRANT AND THE NUMBER AND DURATION OF ANY EXTENSIONS OF THE WARRANT;

(4) THE IDENTITY OF THE INVESTIGATIVE OR LAW ENFORCEMENT OFFICER AND UNIT MAKING THE APPLICATION AND THE INDIVIDUAL AUTHORIZING THE APPLICATION; AND

(5) THE NATURE OF THE PUBLIC SPACES WHERE THE ONGOING SURVEILLANCE WAS CONDUCTED.

SECTION 2. AND BE IT FURTHER ENACTED, That this Act supersedes and preempts laws, ordinances, regulations, or the equivalent adopted by a political subdivision regarding the development, use, or deployment of facial recognition services.

SECTION 3. AND BE IT FURTHER ENACTED, That this Act shall take effect October 1, 2020.


Copyright © 2020 State Net