WeVote

Bill

Bill

SD 1455

An Act to provide accountability in the use of biometric recognition technology and comprehensive enforcement

194th Legislature (2025-2026) Introduced by Dylan Fernandes

Creates Chapter 110I to regulate biometric data use, requires clear, informed consent, and bans abusive, deceptive, or unfair practices to hold data handlers accountable.

House concurred
0
WeVote Research Nonpartisan
Bill Summary · SD 1455

Summary: An Act to provide accountability in the use of biometric recognition technology and comprehensive enforcement (SD 1455)

Overview

This proposed Massachusetts bill aims to regulate biometric recognition technology and protect residents from abusive or inappropriate handling of biometric data. It would create a new regulatory framework (Chapter 110I) governing how biometric data is collected, stored, processed, and disclosed, with a focus on accountability and enforceable standards.

Purpose and Intent

  • To protect residents from abusive use of biometric information and ensure clearer, fairer terms for individuals interacting with technologies that collect biometric data.
  • To establish comprehensive enforcement mechanisms to address unfair, deceptive, or abusive data practices related to biometric recognition technology.

Key Provisions (selected highlights)

  • New regulatory chapter: The bill adds Chapter 110I, Regulation of biometric recognition technology, to the General Laws.
  • Definitions:
    • “Biometric data” includes measurable biological or behavioral characteristics (e.g., fingerprints, iris patterns, facial features, voiceprints, DNA sequences, gait, keystroke dynamics, mouse movements) used for verification, recognition, or identification.
    • “Biometric recognition technology” means technology that analyzes biometric data to assign a unique identifier or enable personal identification.
    • “Covered entity” and “Controller” designate who collects, stores, or processes biometric data and who determines the purposes and means of processing.
    • “Consent” requires freely given, specific, informed, and unambiguous indication of consent for processing biometric data, with protections against terms-of-use provisions or abusive practices being deemed invalid as consent.
    • Terms such as “Abusive trade practice,” “Deceptive data practice,” and “Unfair data practice” establish standards for prohibited behavior by covered entities.
  • Protections against misuse:
    • Prohibits abusive, deceptive, and unfair data practices related to biometric data.
    • Emphasizes consumer understanding of terms, risks, costs, and conditions, and prohibits consent obtained through abusive practices.
  • Scope and exclusions:
    • Government agencies at the federal, state, or local level are not treated as covered entities under this chapter.
    • The bill distinguishes biometric data from medical or certain other data, with specific carve-outs (e.g., health care data governed by HIPAA when appropriately protected).
  • End users and data governance:
    • “End user” refers to individuals providing biometric data.
    • The framework targets clarity in the relationship between end users and entities that collect or process biometric data, including data handling, storage, and processing practices.

Who is Affected

  • Covered entities and controllers: Businesses, contractors, or organizations that collect, store, or process biometric data for identification or verification purposes.
  • End users: Individuals providing biometric data to covered entities.
  • Government agencies: Not covered entities under this chapter, per definitions.

Procedural and Timeline Aspects

  • Introduced: February 27, 2025.
  • Status: House concurred; referred to the Committee on Advanced Information Technology, the Internet and Cybersecurity.
  • Part of the 2025-2026 legislative session in Massachusetts.

Impact and Implications

  • Establishes a clear regulatory regime for biometric data, potentially increasing transparency, informed consent, and accountability in how biometric data is used.
  • Creates enforceable standards for protectively handling biometric information and for addressing abusive, deceptive, or unfair data practices.
  • Could impose compliance obligations on entities handling biometric data, with potential regulatory or enforcement actions by the Commonwealth (specific penalties and procedures not detailed in the available text).

This summary reflects the provisions available in the bill text as filed; additional sections (e.g., enforcement mechanisms, penalties, and rulemaking details) may further define the practical impact.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.