Broad biometric protections in Senate bill with slim prospects
With notable exceptions, legislation proposed by U.S. Senators Bernie Sanders and Jeff Merkley would make it all but impossible for businesses to harvest biometric data. The compliance requirements alone would seem to be beyond all but the biggest biometrics players.
The National Biometric Information Privacy Act (NBIPA) would require prior written consent of people before businesses could use any of their immutable characteristics captured by facial recognition or any other biometric systems.
While there are important conditions in the bill, the biggest caveat is that the Democrat-sponsored act has little chance of winning enough Republican support.
In order to legally collect or receive biometric data by any means, businesses would have to tell a person in writing that the information is being collected and stored. It would have to tell people why the data is being collected, stored and used. And the person would have to sign a waiver stating that they understand all of the above.
There would be no grandfathering of data already held by businesses, either. Within 60 days of the act becoming law, a business holding biometric identifiers or information on someone would have to make public a deletion schedule.
Businesses generally could not profit from biometric data by selling, leasing, trading or using it in advertising.
People would have the right to a free report, covering the previous 12 months, and revealing details about their data, among them: descriptions of “specific pieces of personal information” stored, “categories of sources from which the business collected” the data and “categories of third parties” that received the data, if any.
Not all personal identifiers would be protected. Writing samples and photographs would be exempted as would biological samples used for scientific testing as well as tattoo and physical descriptions. Also protected in the bill is data recorded for a health care patient, including X-rays.