Was your face scanned at a bar this Pride weekend? Here’s how to delete it

6 min read Original article ↗

It’s not uncommon to feel pangs of regret after a big weekend out — for overindulgences of drinks, dalliances, burritos, or all of the above.

Now some hungover bargoers can add “turned over personal information to surveillance companies” to the list. A number of destinations in the Castro, including The Mix Bar, Badlands, and Toad Hall, have been using the third-party security service Patronscan to scan IDs, photograph faces, and store personal information in a shared database, as first reported by Gazetteer SF. (opens in new tab)

The extra level of security is meant to give businesses a way to flag problematic patrons and share that information with other bars — a kind of mass joint “86’d” list. However, the technology has concerned community members and privacy organizations. 

“We advise San Franciscans avoid such bars until they remove the facial recognition technology to ensure safety for the queer and trans community, free from harmful surveillance,” digital rights advocacy group Fight for the Future wrote in a post (opens in new tab) ahead of Pride weekend. 

The good news is that California’s privacy laws, stronger than those of most states, give you some control over what happens to that information. You can see it, fix it, delete it, and, if you feel you were incorrectly flagged by a bar using the software, dispute it. 

What they have and where it’s shared

Before you go into a bar, look around the security check. Is there a small camera pointed at you or a posted disclosure about a scanning system? If they are using Patronscan or similar technology, you can ask about opting out, but the bar is within its rights to refuse you entry. 

“It’s a really unfair choice, especially for people in more vulnerable populations,” said Hayley Tsukayama, director of state affairs at the Electronic Frontier Foundation, a digital privacy organization. “In the context of gay bars or affinity bars, it robs people of the opportunity to be in community with other people without having to make this calculation.” 

When your ID is scanned, Patronscan creates a record that includes your photo, full name, date of birth, gender, ZIP Code, and the ID expiration date. It also logs the time and location, which in itself can be revealing. Patronscan says it keeps this data for unflagged people for 21 days in the U.S. 

The company doesn’t delete everything after that, or when you file a deletion request. On its side, Patronscan collects “non-personally identifiable data,” like how many people were scanned on any given night, which can be used for reports, according to the company. While Patronscan says this information never contains personal information, experts have repeatedly showed that it’s possible to identify people from anonymous datasets using combinations of limited identifiers such as ZIP Code, date of birth, and gender. 

And Patronscan shares that data with law enforcement if they are working on an “official investigation” — no warrant required.

How to request your information

Before you jump directly to asking the company to delete your data, request a full copy to see exactly what was collected about you. 

Patronscan has an online disclosure request form (opens in new tab), or you can email [email protected], identify yourself as a resident of California, and explain that you’d like a copy of all the data it has associated with your name. For both options, be prepared to provide ID to confirm your identity. Yes, showing ID to delete a copy of your ID feels counterintuitive, but it’s a tactic to stop third parties from requesting your personal information. 

Don’t expect an instant reply. We submitted a request a week ago over email for someone who was scanned at a San Francisco bar and have not received a reply. The company says it replies to requests filed using the online form within 10 days, but under California state law it has up to 45 days.

How to get them to delete it

Ready for your clean slate? Let’s file a data deletion request. The company does not have a form for this one, so you have to send an email — or, if you’re feeling retro, snail mail to their office. You’ll follow the same script. Include your full name, birthdate, and email address, and, if you’d like to save the company a step, a copy of your ID. You can try blacking out sensitive information on your ID and see if that works first. 

If the company doesn’t reply within 45 days, you can take your complaint up with the California Privacy Protection Agency. There’s an online form (opens in new tab) where you can share details about the company and what steps you’ve taken so far. 

What to do if you’ve been flagged

Patronscan’s core selling point is that it lets bars flag problematic customers, then share that information with other participating businesses. If you think you’ve been unfairly flagged, your first stop is the scene of the crime — unless you literally committed a crime, in which case you are out of luck. Ask managers of the bar that flagged you if they’ll consider removing the flag. 

If they say no, your next step is taking it up directly with Patronscan, which has a flag dispute form (opens in new tab) where you can tell your side of the story. If you are denied, gut check with a friend in case it’s an opportunity to review some of your life choices. 

What to do to avoid this in the first place

The easiest way to prevent the morning-after data-requests-of-shame is to not frequent locations that use face ID systems. Or use your power as a consumer to pressure bars to find other security options. Some well-known San Francisco queer bars, including El Rio, have committed to not using face detection.

“Voting with your feet is great,” Tsukayama said. “They can hear from the patrons, from the people who are going to these bars and are worried about their info being shared.”