FB pixel

Amazon argues Alexa terms of service undercut biometric privacy claims as BIPA defenses considered

Amazon argues Alexa terms of service undercut biometric privacy claims as BIPA defenses considered
 

The terms of service provided by Amazon for its voice assistant Alexa specify the company’s policies for use and storage of biometric information, satisfying the written notification requirements of Illinois’ Biometric Information Privacy Act (BIPA), according to an argument reported by Bloomberg Law.

Amazon has argued that due to the notification, plus a lack of standing in the U.S. District Court for the Northern District of Illinois, means the claims against them should either be dismissed or sent to arbitration. The company claims that as Amazon and Alexa customers, the plaintiffs agreed to arbitrate any dispute over its products or services.

Plaintiffs have alleged that Amazon does not have a data-retention policy for Alexa, and retains voice recordings for biometric analysis without the written permission required under BIPA.

The suit was filed earlier this year, and Amazon began filing arguments for its dismissal in September.

Defense strategies considered

A blog posted to law firm Dykema’s The Firewall reviews some of the arguments deployed by BIPA defendants, and finds a challenging situation for them, with a glimmer of hope for some.

Facebook’s rejected argument that its machine learning models do not use face geometry in its facial recognition is one such argument considered. Some defendants have argued that their biometric processes are based on photographs, which are specifically excepted in BIPA, they are legal, but the court has rejected the argument, in the case of Shutterfly, despite recognizing the logic behind it, saying that it did not provide the necessary context to support such a narrow interpretation of BIPA, according to Dykema associate and registered patent attorney Matthew Hays.

The court decided in a case involving Facebook that the photograph exception applies only to paper (or physical) prints, not digitized images. Similarly, in a case involving Google, a District Court determined that BIPA applied to biometric identifiers derived from photographs, even if it does not apply to the photographs themselves, leaning on the distinction between ‘biometric information’ and ‘biometric identifiers,’ both of which are covered under the Act.

Hays believes the court ruling in Rivera v. Google Inc. requires plaintiffs to differentiate between what counts as both biometric information and identifier and what counts only as an identifier to avoid the broader exceptions of the biometric information clause.

“All of this leads to the conclusion that the interpretation of BIPA has adapted to maximize its reach, even with technologies and arguments unknown at the time of its passage,” Hays writes.

The terms of service defense used by Amazon is not included, but seems to represent a novel strategy not available to most defendants, who face claims brought by employees rather than customers.

New BIPA suits cut from same cloth, but with a wrinkle

Sky Chefs and a Wingstop franchisee are among the latest companies operating in Illinois to be hit with potential class action suits for subjecting their employees to biometric time and attendance checks, allegedly without fulfilling the informed consent requirements of the Illinois’ law, according to separate reports by Bloomberg Law and Law360.

In the case of Sky Chefs, an additional element is that the plaintiff alleges he was required to clock in for shifts five or six minutes ahead of time, which has accumulated in over 100 hours of unpaid overtime, according to the allegations. The informed consent allegation in that case is that the plaintiff was not provided a data retention policy or told his biometric data was being disclosed to third-party vendors.

In the Wingstop case, it is alleged that no written permission was obtained from employees.

Article Topics

 |   |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Passkey adoption by Australian govt, banks drives wider passwordless authentication

It’s high noon for passwords. Across the Authentication Corral, an inscrutable stranger saunters up and puts their hand on the…

 

‘New era in travel’: airports, airlines continue to be sweet spot for biometrics

A fascinating experiment in biometrics would be to find a privacy conscious person who would generally avoid facial recognition, put…

 

Limitations of FRT apparent in search for United Healthcare CEO’s killer

The murder of United Healthcare CEO Brian Thompson in Midtown Manhattan involved the use of facial recognition technology (FRT) to…

 

OpenID, BIO-key, RSA, SecureAuth showcase at Gartner IAM Summit

The 2024 Gartner Identity & Access Management Summit, running from December 9-11 in Grapevine, Texas, is playing host to names…

 

Aboriginal digital ID offers Indigenous Australians pathway to essential services

There are more than 200,000 Aboriginal and Torres Strait Islanders in Australia who lack a birth certificate. Without this vital…

 

Australia piloting myGov app and Trust Exchange for sharing medical data

The Australian government has launched a pilot of its myGov public services app and Services Australia’s Trust Exchange (TEx) proof-of-concept…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events