Tensions ran high last week during a New York City Council hearing on the use of biometric surveillance and data collection across the city, and it ended with council members accusing the city’s chief privacy officer of providing false information during his testimony about how the city and its agencies use facial recognition software.
During the hearing on May 3, council members asked Michael Fitzpatrick, who has been the city’s top privacy official since last April, about the city and its agencies’ practices of engaging with private entities — which are not subject to the same regulations as the city agencies — to obtain data.
He testified that he didn’t know of any city agencies that purchased information from private entities, such as Madison Square Garden and its parent company MSG Entertainment, which came under scrutiny at the end of 2022 for its use of facial recognition software to ban people from their venues that were engaged in litigation against its owner.
“I can’t speak to specific instances on the purchasing side, but on the converse, but if we’re thinking about the sale of data held by city agencies, that is not something that I’m aware of as occurring, and in fact our standard contracting language prohibits the sale of information to the extent we’re using a city vendor for example that vendor reselling that information,” Fitzpatrick responded when asked for an example of city agencies buying data from private organizations.
The hearing, a joint oversight conducted by the Committee on Technology and the Committee on Civil and Human Rights, was based around amendments to two local laws: One would prohibit public places and service providers from using biometric recognition technology, and the other would limit its use in residential buildings. The amendments would apply to data or a retina or iris scan; a fingerprint or voiceprint; a scan of hand or face geometry; or gait or movement patterns.
The council also asked Fitzpatrick about biometric tech use by individual agencies, like the New York Police Department, Administration for Children’s Services, the New York City Housing Authority and the Department of Education. He said that while NYCHA and the Department of Education were not subject to the Identifying Information Law — a 2017 local law that created the chief privacy officer and set requirements for city agencies regarding the handling of personal identifying information such as biometrics — he wasn’t aware of any others using a biometric identification system.
Jennifer Gutierrez, chair of the council’s technology committee, asked Fitzpatrick if he was holding agencies “accountable or connecting with them on the data they are collecting.”
Gutierrez asked if he could share an instance of a city agency engaging with a private company to acquire its data, and Fitzpatrick said he could not, nor did he name what types of data city agencies were collecting.
“I was disappointed by the lack of preparation from the Office of Technology and Innovation today. We heard a lot about the importance of transparency from the agency, but what was presented felt very much like the opposite of that,” Gutierrez later said in a news release.
But the technology office didn’t waver.
“OTI stands by its testimony and did not provide any false information at yesterday’s hearing,” a City Hall spokesperson wrote StateScoop in email Thursday. “To say otherwise is false and it is wrong for a sitting council member to assume ill intent from a city agency that operates with the utmost level of honesty and integrity.”