A putative class action complaint filed against the parent company of the New York Mets underscores the need for businesses in New York City to comply with an oft-overlooked law governing the collection and use of consumer biometric information. The complaint, filed in October 2024, alleges violations of a 2021 municipal law that imposes notice requirements, prohibits the sale of biometric information, and allows for recovery of statutory damages. As does the more well-known Illinois Biometric Information Privacy Act (BIPA), the New York City law creates significant potential exposure in the class action context.
As we noted in a prior article, NYC Admin. Code §§ 22-1201–1205 (NYC Biometrics Law) requires covered commercial establishments that collect, store, convert, retain, or share customers’ biometric identifier information to disclose the practice in “plain [and] simple language” on “clear and conspicuous” signage near establishment entrances. The law also prohibits such establishments from selling, leasing, or otherwise profiting from consumers’ biometric information. This law also provides the right to customers aggrieved by violations of the foregoing provisions to sue for statutory damages of up to $5,000 per violation. The NYC Biometrics Law has been the subject of a few complaints to date, including one filed in New York state court against the Mets.
The Mets Complaint
The complaint alleges that the New York Mets violated both the NYC Biometrics Law and New York General Business Law (GBL) § 349 by failing to disclose the collection of visitors’ facial templates at its Citi Field stadium and by subsequently sharing the facial templates with third-party software companies that provide the biometric security software for the stadium. The plaintiff alleges that the Mets use facial recognition technology at the main stadium entrance to check scanned faces against the stadium’s “do not admit” list. According to the complaint, if the technology detects someone on the list, security personnel compare the detected person’s ID to the list and if the identities match, the NYPD is called to handle the matter as a trespassing violation.
The plaintiff alleges, on behalf of a proposed class, that the Mets profited from the use of the facial recognition software under two seemingly contradictory theories: (i) increased profit margins by virtue of not using manual security forces for a 400,000-square-foot stadium, and (ii) premium ticket prices that include the costs related to a biometric security system. The plaintiff also seeks relief under an unjust enrichment theory.
The Mets removed the complaint to federal court pursuant to the Class Action Fairness Act, with a stated intent of subsequently filing a motion to dismiss. With good reason: the Southern District of New York dismissed a similar claim in May 2024 against another venue’s parent organization.1 In that case, the plaintiffs alleged that a venue violated the NYC Biometrics Law by sharing biometric data with a third-party vendor to exclude from the venue any attorneys employed by firms that had filed litigation against the venue. The plaintiffs theorized that the venue profited from sharing the biometric information because the policy deterred litigation.2
The Southern District dismissed that complaint, finding that the NYC Biometrics Law does not prohibit companies from receiving any benefit from sharing biometric information. Instead, companies may not profit from the transaction itself. The venue’s use of a third-party vendor to deploy its biometric security system was no different than paying a vendor for any other security tool. The plaintiffs’ interpretation of “profit” was impractical in that it would make any benefit from biometric information illegal. The court further reasoned that § 22-1202(b) of the statute explicitly permits the collection and sharing of biometric information for commercial purposes so long as the public is notified. The plaintiff did not allege that the venue failed to post notices that complied with the NYC Biometrics Law. It is likely that the Mets will assert similar arguments in a forthcoming motion to dismiss.
Conclusion
These complaints alleging violations of the NYC Biometrics Law suggest that plaintiffs’ attorneys are exploring challenges to a variety of uses of biometric technology to capitalize on the law’s statutory damages provision, as we saw with the Illinois BIPA law. Given the dearth of case law interpreting the statute, New York businesses should review their policies relating to the collection and use of biometric information and post the appropriate notices to mitigate class action exposure.
1. Notably, although the plaintiff cannot recover statutory damages on behalf of a class in New York state court under N.Y. CPLR § 901(b), statutory damages can be recovered on behalf of a class in federal court upon removal.
2. Unlike the case against the Mets, that complaint did not assert violations of GBL § 349.
[View source.]
