Maine Biometric Privacy Laws: Facial Recognition Ban & Pending Protections (2026)

Maine occupies a unique position in the national biometric privacy landscape. The state enacted one of the most restrictive government facial recognition bans in the country in 2021, yet it still lacks a law that requires private companies to get your consent before collecting your fingerprints, face geometry, or other biometric identifiers.

That gap may close soon. The Maine Online Data Privacy Act (LD 1822) cleared both legislative chambers in early 2026 and would bring biometric data under a comprehensive privacy framework if the governor signs it.

This guide covers every Maine law that touches biometric data, what protections exist today, what is pending, and what Maine residents and businesses should know.

For broader context on how Maine handles personal data, see our Maine Data Privacy Laws overview.

Government Facial Recognition Ban (Title 25, Section 6001)

Maine's strongest existing biometric protection targets government agencies, not private companies. Title 25, section 6001 took effect on October 1, 2021, after the Legislature passed LD 1585 with unanimous approval in both chambers.

What the Law Prohibits

The statute bars state, county, and municipal departments, employees, and public officials from using or possessing facial surveillance systems. It also prohibits government entities from entering third-party agreements to obtain, access, or use facial recognition technology.

The law defines "facial surveillance" as "an automated or semi-automated process that assists in identifying or verifying an individual" based on facial characteristics.

Exceptions to the Ban

The law carves out limited exceptions. Facial surveillance searches are permitted for:

• Investigating serious crimes (punishable by one year or more imprisonment) when probable cause exists
• Identifying deceased or missing persons
• Bureau of Motor Vehicles fraud prevention
• Iris scanning in correctional facilities
• Personal device authentication
• Compliance with the National Child Search Assistance Act

Safeguards and Enforcement

Facial surveillance data alone cannot establish probable cause for an arrest, search, or seizure. Any data obtained in violation of the law must be deleted and is inadmissible in court.

Individuals who are injured or aggrieved by a violation may seek injunctive or declaratory relief against the responsible department or official. Government employees who violate the statute face disciplinary action.

Agencies that use facial surveillance under the permitted exceptions must maintain de-identified public logs of all searches conducted.

Driver's License Biometric Restrictions (Title 29-A, Section 1401)

Maine also restricts how biometric technology can be used in the driver's license system. Under Title 29-A, section 1401, the Secretary of State may use facial recognition technology to search image records, but only to provide information to law enforcement in two scenarios:

• Emergency circumstances involving an immediate threat to a person's life
• Other circumstances established through formal administrative rulemaking

The statute explicitly prohibits any person, agency, or entity other than the Secretary of State from using biometric technology to search the Secretary of State's image records. This restriction prevents third-party access to the state's facial recognition database.

No Standalone Private-Sector Biometric Law

Unlike Illinois, Texas, and Washington, Maine has not enacted a law that requires private businesses or employers to obtain consent before collecting biometric identifiers. No state statute currently requires private entities in Maine to:

• Get written consent before collecting fingerprints, facial geometry, or voiceprints
• Provide notice explaining how biometric data will be used or stored
• Establish retention and destruction schedules for biometric records
• Refrain from selling or sharing biometric information with third parties

This means that as of March 2026, a private employer in Maine can implement fingerprint-based time clocks, facial recognition access systems, or other biometric tools without any state-specific biometric consent or disclosure obligations.

Failed Biometric Bills

The Maine Legislature has considered standalone biometric privacy legislation multiple times, but each attempt has stalled.

LD 1945 (2022): Representative Margaret O'Neil introduced "An Act To Regulate the Use of Biometric Identifiers," modeled closely on Illinois BIPA. The bill would have required written consent before biometric collection, prohibited the sale of biometric identifiers, and created a private right of action with statutory damages. The Judiciary Committee advanced the bill in a tripartisan vote, and the House passed it, but the measure died in non-concurrence between the chambers in April 2022.

LD 1705 (2023-2024): A second attempt, "An Act to Give Consumers Control over Sensitive Personal Data by Requiring Consumer Consent Prior to Collection of Data," proposed similar protections with statutory damages of $1,000 per negligent violation and $5,000 per intentional violation. The Judiciary Committee issued an "Ought Not to Pass" recommendation on March 27, 2024, and the bill died.

LD 1088 (2025): The Maine Consumer Data Privacy Act would have established a comprehensive privacy framework that included biometric data as a category of sensitive data. The bill received a divided committee report and was accepted as "Ought Not to Pass" on June 25, 2025.

Maine Online Data Privacy Act (LD 1822): Pending Legislation

The most significant pending development for biometric privacy in Maine is LD 1822, the Maine Online Data Privacy Act. The House passed the bill on February 10, 2026, and the Senate advanced it in early March 2026. As of late March 2026, the bill is still in the final stages of the legislative process.

Biometric Data as Sensitive Data

LD 1822 defines "sensitive data" to include genetic or biometric data, along with other categories such as precise geolocation data, health information, and data concerning minors under 18.

Strict Processing Limits

The bill would bar all processing of sensitive data that is not "strictly necessary to provide or maintain a specific product or service requested by" the consumer. This standard is more restrictive than the opt-in consent approach used in many other state privacy laws.

Under this framework, a company could not collect biometric data simply because a consumer clicks "agree" on a broad consent form. The collection would need to be strictly necessary for a specific product or service the consumer actually requested.

Consumer Rights

If enacted, the law would give Maine residents the right to:

• Confirm whether their personal data (including biometric data) is being processed
• Access, correct, and delete their data
• Obtain a portable copy of their data
• Opt out of targeted advertising, data sales, and profiling

Enforcement

The Maine Online Data Privacy Act would be enforced exclusively by the Attorney General. It does not create a private right of action. Violations would be subject to penalties under the Maine Unfair Trade Practices Act (5 MRSA section 207), which allows civil penalties of up to $10,000 per intentional violation.

Effective Date

If signed into law, the Act would take effect on July 1, 2026.

Breach Notification Law Does Not Cover Biometric Data

Maine's breach notification statute, the Notice of Risk to Personal Data Act (10 MRSA sections 1347-1348), requires businesses to notify residents when a security breach exposes their personal information. However, the law defines "personal information" narrowly under section 1347 to include only:

• Social Security numbers
• Driver's license or state identification card numbers
• Financial account, credit card, or debit card numbers with associated security codes or passwords

Biometric data is not listed. A breach that exposes fingerprint templates, facial recognition data, or other biometric identifiers alone does not trigger notification obligations under this statute.

This stands in contrast to states like California and New York, which have amended their breach notification laws to explicitly include biometric information.

Maine Unfair Trade Practices Act

The Maine Unfair Trade Practices Act (5 MRSA section 207) declares unlawful any "unfair methods of competition and unfair or deceptive acts or practices in the conduct of any trade or commerce."

While the statute does not mention biometric data by name, the Maine Attorney General could theoretically use these broad consumer protection powers to take action against a business that collects biometric data through deceptive means, such as failing to disclose that facial recognition cameras are recording customers.

The Attorney General can seek civil penalties of up to $10,000 per intentional violation. Consumers may also bring private actions in Superior Court or District Court for actual damages, restitution, and injunctive relief under the Act.

No published Maine enforcement action or court decision has applied the UTPA specifically to biometric data practices as of March 2026.

ISP Privacy Law (Title 35-A, Chapter 94-A)

Maine's ISP privacy law, enacted in 2019 and effective July 1, 2020, prohibits broadband internet service providers from using, selling, or distributing customer personal information without express consent. The law applies to "customer personal information" broadly, but its primary focus is on internet browsing data and online activity rather than biometric identifiers specifically.

The law does prohibit ISPs from penalizing customers who refuse to consent to data sharing, and it requires providers to take reasonable measures to protect customer personal information from unauthorized use.

What This Means for Maine Employers

Maine employers who use biometric technology for timekeeping, access control, or security face no state-specific biometric consent requirements under current law. However, employers should consider these practical steps:

• Monitor LD 1822 closely. If the Maine Online Data Privacy Act is signed, employers will need to evaluate whether their biometric data collection is "strictly necessary" for a specific product or service.
• Provide written notice before collecting biometric data, even though current Maine law does not require it. This reduces risk if new legislation includes retroactive elements.
• Establish a retention policy that specifies how long biometric data will be stored and when it will be destroyed.
• Check multi-state obligations. Employers with workers in Illinois, Texas, or other states with biometric laws must comply with those states' requirements for their respective employees.

Federal Laws That Apply in Maine

Because Maine lacks a comprehensive private-sector biometric law, federal statutes provide important baseline protections.

HIPAA protects biometric data when collected or maintained by covered healthcare entities. Fingerprints, voiceprints, and facial images qualify as protected health information when linked to patient medical records. (HHS HIPAA Overview)

COPPA requires parental consent before websites and online services collect personal information from children under 13, including photographs and audio files that can function as biometric identifiers. (FTC COPPA Rule)

FTC Act Section 5 prohibits unfair and deceptive trade practices nationwide. The FTC has used this authority to take enforcement actions against companies that mishandle biometric data. (FTC Act)

More Maine Laws

• Maine Data Privacy Laws
• Maine Recording Laws
• Maine Whistleblower Laws
• Maine Sexting Laws
• Maine Lemon Laws
• Maine Data Privacy Laws

This article is for informational purposes only and does not constitute legal advice. Biometric privacy law is evolving rapidly at both the state and federal levels. Consult a qualified attorney licensed in Maine for guidance on your specific situation.