After claims against Madison Square Garden for the use of facial recognition technology were dismissed, another individual has filed a putative class action against Queens Ballpark Company, LLC, the operator of the New York Mets’ Citi Field, asserting the same claims.
Chris Dowling alleges that Citi Field’s use of facial recognition technology violates New York City’s law governing the collection and use of biometric information.
Citi Field has filed a motion to dismiss, asserting (among other defenses) that, because it did not sell the data collected, it was not in violation of the law.
New York City biometrics law
In 2021, New York City passed the Biometric Identifier Protection Code, which provides that it is “unlawful to sell, lease, trade, [or] share in exchange for anything of value or otherwise profit from the transaction of biometric identifier information.” The City Council was troubled by the use of facial recognition technology in entertainment venues, and its primary concern was how the data was managed and stored. More specifically, technology experts warned the City Council that this data could be collected and sold to third parties for marketing purposes without consumer consent.
The Madison Square Garden lawsuit, and Mr. Dowling’s complaints
In 2023, other plaintiffs sued Madison Square Garden, alleging violations of the Biometrics Law. Specifically, they alleged that the venue’s collection and use of biometric information violated the law and unjustly enriched the venue. At the time, the technology was being used to screen for attendees who had been barred from the venue, including lawyers who were adverse to the venue. The plaintiffs also alleged that the screening was used to collect biometric data, and to share that data with a third-party vendor.
A federal judge in New York ultimately dismissed the lawsuit, reasoning that the Biometrics Law had not been violated because Madison Square Garden was using but was not engaged in the sale or transaction of biometric information. According to the judge, mere use was not prohibited. The judge also held that the unjust enrichment claim was preempted by the state’s Civil Rights Law.
Despite the dismissal of the Madison Square Garden lawsuit, Mr. Dowling initiated his current action against Citi Field in 2024, alleging violations of the Biometrics Law, New York’s consumer protection law, and unjust enrichment.
Concerning the Biometrics Law, Mr. Dowling alleged that since at least 2018, Citi Field has used surveillance cameras to recognize the faces of attendees and compare their identities with lists of banned individuals or other individuals identified as security concerns, sometimes in collaboration with the New York City Police Department. Mr. Dowling alleged that Citi Field maintains 187 surveillance cameras for these purposes. He also alleged that attendees’ images were potentially being shared with Genetec, the security contractor for the stadium.
City Field moves to dismiss
Citi Field argues that Mr. Dowling does not have valid claims under the law because there is no allegation that the venue profited from the sale of biometric data. According to Citi Field, Mr. Dowling’s theory of the case would prohibit any use of biometric data that provides a benefit to a business, which is not what the law says or was intended with its enactment.
Next, Citi Field contends that Mr. Dowling’s consumer protection claim fails because the venue’s use of facial recognition technology was publicly known and attendees could not therefore have been misled by its use. In addition, the venue argues that Dowling was not injured by the alleged conduct, and that there are no plausible allegations that it was unjustly enriched by its use of the technology.
Finally, Citi Field asserts that Mr. Dowling’s common law claim for unjust enrichment is preempted by the New York City Civil Rights Law, citing cases holding that the Civil Rights Law preempts all common law claims based on the unauthorized use of an individual’s name, image, and likeness.
Mr. Dowling has filed a notice of dismissal of the count alleging violation of the Biometrics Law. He apparently intends to proceed with his other claims.
Fair or foul?
The Dowling case presents an important test of data collection practices, which are increasing in use, and legislatures’ efforts to regulate them. If Mr. Dowling’s claims survive, one would expect to see similar litigation against other sports and entertainment venues in New York City that use facial recognition technology. Even if Citi Field prevails, New York residents and their elected officials may nevertheless question the Mets’ practices and whether changes to the biometrics law are needed.
The Constangy Cybersecurity & Data Privacy Team regularly counsels businesses of all sizes and industries on how to comply with the growing number of data privacy laws and regulations. If you would like additional information on how to prepare your organization, please contact us at cyber@constangy.com.
Senior CounselHe represents and advises businesses on a broad range of labor and employment matters, including discrimination complaints, wage and hour claims, class actions, employment agreements, restrictive covenants, data privacy ...
Associate AttorneyWith a background in data privacy, intellectual property, and regulatory compliance, Sydney brings a thoughtful, practical approach to managing sensitive matters in fast-paced environments.
Before joining Constangy, Sydney ...
The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed through the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consultation on complex data privacy and security litigation.
