(L to R) Jonathan Goldstein and David Podein, Haber Slade in Miami. Courtesy photo. From left, Jonathan Goldstein and David Podein, Haber Law, Miami. Courtesy photo.

The prevalence of the COVID-19 coronavirus raises many issues for condominium associations. Florida's enactment of extensive condominium emergency powers was intended to address hurricanes, and yet it now becomes a tool for associations to manage threats posed by a global pandemic. Similarly, guest and rental policies (and their enforcement) have health impacts that have likely never been considered before. In an indirect way, COVID-19 also has us considering another novel issue for associations: the implementation of fingerprint biometric systems in condominiums.

While, the hygienic arguments for and against using fingerprint biometric systems may be outside of our strike zone, associations that utilize biometric systems must now contemplate how such concerns can be addressed (i.e., through maintenance protocols, hand sanitizer or other means). But how should condominium associations implement biometric systems given the undecided legal landscape of data collection and privacy concerns?

Biometrics are any metrics related to human features including fingerprints, retina or iris scans, voiceprint, or scans of the hand or face. Many condominium buildings have recently adopted or may be considering an upgrade to fingerprint biometric access to common areas as a replacement to common area key fobs or similar access systems. Proponents argue that the potential benefits from installing fingerprint biometric security include convenience, reduction to administration costs, robust security and use information regarding access to entry and exit points—including who entered what door and at what time, and the ability to more effectively limit access. This would further the use suspension rights and the ability to combat illegal short-term rentals and other improper uses. This seems reasonable and likely to create a safer condominium living experience.

However, associations should consider the ramifications of inevitable pushback from residents, especially given concerns regarding the spread of COVID-19. The implementation of biometrics is such a new and undefined topic that it would be prudent for a condominium association to only adopt a system that still preserves an alternative means of access for residents. The alternative means should allow entry for those residents who are either unable to use a fingerprint system or those who choose not to participate. The installation of biometric equipment and changes in the common areas is an alteration; the Condominium Act (Florida Statute Chapter 718) and most governing documents of a condominium association require a membership vote to alter the common areas (typically if the costs exceed a cap). Generally, condominium associations have the power to implement policies and rules for the operation and security of the association as long as it is permitted by the association's authority in its declaration of condominium and is reasonable. This principle is commonly referred to as the "Beachwood Test" from Beachwood Villas Condominium, v. Pool, 448 So.2d 1143, 1145 (Fla. 4th DCA 1984). The business judgment rule protects an association's authorized operational decisions as long as the decisions are reasonable. In most condominium associations, the governing documents probably do not expressly prohibit (or even address) the use of and collection of biometric data. Proponents would argue that such use and collection should be considered reasonable based upon its general acceptance as a security measure, growing usage, and potential effectiveness as a security tool. An association considering biometrics should publicly discuss and document (in minutes and resolution adopting its usage) the recommendations received from management and other sources supporting the association's reasonable judgment.

Even though the requirement to use biometrics arguably is a reasonable restriction on use that would fall within the association's business judgment, there is a counter-argument that could be raised by owners who cannot physically use a fingerprint biometric system and those who merely object to such a system. Opponents might argue that the requirement to participate and provide such biometric data as a condition to access the building and their units is a violation of statutory and condominium declaration access easements fundamental to condominium ownership. The legislature and courts have not addressed this issue yet. The potential risks would be dramatically reduced by having the membership approve and pass a declaration amendment that the access easement is subject to use and accumulation of reasonable biometric data, and that consent to such use and accumulation is a reasonable condition of ownership.

The Florida Information Protection Act of 2014 (FIPA), a Florida law governing privacy rules for entities handling personal information, makes no mention of biometrics. FIPA, as written, may not apply to condominium associations. FIPA is limited to "commercial entities," which may not include a not-for-profit condominium association. Even assuming it does, FIPA does not mention biometric data in the categories of protected personal information. Protected personal information under FIPA also does not include information that is encrypted, secured, or modified by any other method or technology that removes elements that personally identify an individual or renders information unusable (arguably, anonymous biometric data such as a unique key signature that is disassociated from the information that identifies an individual). See Section 501.171 (1)(g), Fla. Stat. In February 2019, the Florida Legislature introduced a bill to create the Florida Biometric Information Privacy Act (FBIPA". This bill would have created requirements on the collection of biometric data and even created a private right of action for certain violations.  The legislature did not pass FBPIA.

Further complicating this issue, the Condominium Act governing an association's official records specifically requires an association to maintain and not disseminate personal information such as Social Security numbers, driver license numbers, addresses, and any electronic security measures that are used to safeguard data. Biometric data would surely fall within such protections.

Until the legislature or the courts address this issue, condominium associations should continue to approach this with caution, adopting policies that address contingencies such as a hurricane or public health crisis, incorporating biometric access considerations into any emergency plan, adopting maintenance policies and/or quality of life features that mitigate hygienic concerns for shared-use touchscreens, providing alternative means of access, and ensuring that alternative means of access can hold up under pressure from emergencies.

A public health emergency reinforces that safety, security, and privacy are always fundamental concerns for condominium associations. Biometric security intersects with all of these issues and therefore warrants extra consideration in planning for contingencies.

David Podein and Jonathan S. Goldstein are partners at Haber Law in Miami. Podein concentrates his practice on construction law, real estate and community association representation. Contact him at [email protected]. Goldstein's practice areas include condominium and homeowner association law, commercial litigation and construction litigation. Contact him at [email protected].

|