
The watch is on for the next wave of US biometric data privacy lawsuits

 


Despite the wave of litigation alleging procedural violations of biometric data privacy rules, or perhaps because of it, other states are following Illinois’ lead by enacting regulations including redress mechanisms, and in some cases a private right of action for consumers, as described in a trio of editorials from legal experts.

Pennsylvania’s proposed Consumer Data Privacy Act, and Virginia’s recently-enacted Consumer Data Protection Act, which goes into force on January 1, 2023, will each force businesses to take proactive measures to ensure their compliance, Jeffrey N. Rosenthal and Thomas F. Brier Jr. of Blank Rome write for The Legal Intelligencer.

The Pennsylvania law includes a private right of action, while Virginia’s would not, but Rosenthal and Brier suggest it could include America’s broadest definition of covered biometric data. Under each state’s law, consumers would be granted rights to be informed when their biometrics are collected, to access and delete the data, to opt out of its sale, and in Virginia to correct data. Biometric data portability rules are also included in Virginia’s Act.

Businesses are required to reasonably secure biometric data, and each Act includes disclosure rules for third-party sales or targeted advertising.

The laws apply to businesses that derive half of their revenue from personal data sales, with at least 25,000 customers in the case of Virginia, as well as all companies of a certain size.

As in California, where the Unfair Competition Law can be used to bring private action against businesses and then “borrow” violations of other statutes, like the California Consumer Privacy Act (CCPA), Pennsylvania may allow plaintiffs to sue for unfair or deceptive practices, under a similar state law, with reference to the biometrics restrictions in its proposed CDPA.

NYC rule imposes requirements on stores

Even before New York’s proposed Biometric Privacy Act reaches a vote, an amendment to Title 22 of the New York City Administrative Code creates requirements for commercial establishments using biometrics reminiscent of Illinois’ Biometric Information Privacy Act (BIPA), Jackson Lewis P.C. Associate Damon W. Silver writes for The National Law Review.

The Amendment refers to restaurants and bars, entertainment venues like theaters and stadiums, and retail stores, requiring them to post notices informing patrons of their biometrics use, and blocking them from selling or otherwise profiting from any data they collect. Consumers have the right to make complaints and have alleged violations resolved by the business within 30 days, or a right of private action is triggered.

Silver also reviews other laws recently passed or yet to be enacted which relate to data privacy, including the SHIELD Act and the Tenant Privacy Act, which covers smart access systems using biometrics.

Maryland bill has private right of action, but not informed consent requirement

Maryland’s Biometric Identifiers and Biometric Information Privacy Act is currently before both the State House and Senate, and Blank Rome’s David J. Oberly writes for Lexology that it could become the second state after New York to pass legislation modeled on BIPA.

The proposal would bring in a right of private action against companies that fail to provide privacy policies including biometric data storage guidelines and retention schedules, that sell consumers’ biometric data, that disclose or share the data without consent, and that fail to reasonably protect the data. The remedies outlined are described by Oberly as a carbon copy of BIPA.

However, Maryland’s bill sets out a wider definition of biometric data than BIPA, provides exceptions for internal company operations, and does not impose the same informed consent requirements as Illinois’ law, which is the clause alleged to have been violated in the vast majority of BIPA suits.

Oberly warns that other states and local jurisdictions could follow the trend, and provides advice for companies using biometric data to remain compliant amid the shifting legal landscape.

Maryland also cracked down on the use of biometrics-based affect recognition in job interviews last year.
