California BIPA copy proposed as biometric data privacy proposals proliferate

State legislators in California are proposing copycat legislation modeled on the regulation which has proven most punitive for businesses using biometric technology of any state’s so far.

Sponsored by State Senator Bob Wieckowski (D-Fremont), the California Biometric Information Privacy Act bars the collection, use or dissemination of people’s biometric data without a need to do so, and informed written consent, just like Illinois’ Biometric Information Privacy Act, often referred to as BIPA.  California’s BIPA, like Illinois’ includes a right of private action. The proposed Act also expands the definition of biometric data in the state, taking in behavioral biometrics and hypothetical physiological modalities.

SB 1189 is intended to supplement the California Consumer Privacy Act (CCPA), which already includes an opt-out requirement for the sale of individuals’ personal information and other protections.

“Biometric technologies are becoming more prevalent in our society and it is important that we safeguard consumers from this encroachment into their privacy,” states Wieckowski, a member of the Senate Judiciary Committee. “SB 1189 would ensure biometric information is applied in a responsible manner that protects individuals’ privacy by expanding control over their personal information. It takes the onus off of consumers by requiring their informed consent to collect or disclose biometric data.”

The Electronic Frontier Foundation (EFF) and Privacy Rights Clearinghouse support the proposal, according to the announcement.

The Bill is currently before the House Rules Committee.

Massachusetts follows CCPA

Massachusetts is considering its own data privacy bill with direct limitations on biometrics use, though the Massachusetts Information Privacy and Security Act (MIPSA) also covers a range of other data types and proscribes an opt-out requirement similar to CCPA.

Spotted by the Daily Dot, MIPSA has been advanced by the Massachusetts Legislature’s Joint Committee on Advanced Information Technology, the Internet and Cybersecurity, and is expected to scrutinized by the Ways and Means committee eventually.

The privacy bill, S 2687, would enable consumers to opt-out of targeted advertising and provide a series of rights around access to their data, and require companies to provide “clear, easy-to-understand privacy notices.”

“Online privacy and security issues are only going to get more important, and we need to take proactive measures to ensure new technologies are used responsibly,” Senate Chair Barry Finegold said in a statement, according to the Dot. “In the absence of federal action, we can enact meaningful reforms in the Commonwealth and help clarify the rules of the road for businesses. MIPSA is an important step in the right direction: the bill affirms foundational privacy principles and develops an adaptable, enduring regulatory framework.”

BCLP keeping track

Bills passed in Baltimore, Maryland, and Colorado have been added to Bryan Cave Leighton Paisner (BCLP) LLP’s ‘U.S. Biometric Laws & Pending Legislation Tracker’ in a February update. Proposed legislation in Alaska, Florida, Georgia, Hawaii, Indiana, Kentucky, Maine, Maryland, Mississippi, New Jersey, Oklahoma Pennsylvania and Wisconsin have also been added, along with federal bills and several amendments suggested to Illinois’ biometrics legislation are also added.

Most of the state measures on the proposed legislation list are not marked “biometric specific,” but rather deal more generally with data privacy.

The update also notes recent activity on the bills’ paths through the legislative process, and that numerous of the pieces of pending legislation have been inactive for some time.

Facebook settlement appeals target attorneys’ fees

Meanwhile in Illinois, the terms of Facebook’s massive BIPA settlement are facing objections.

An agreement for the class to pay out $97.5 million of the $650 million settlement in attorneys’ fees is based on a breach of fiduciary duty to the class by U.S. District Court Judge James Donato, and is far higher than the multiplier ranges approved by the Ninth Circuit, Law360 (subscription required) reports.

Class counsel reportedly told Donato that they would not seek fees for the additional $100 million needed to gain Donato’s approval. Instead of 15 percent of $650 million, objectors counsel argues, attorneys should have been awarded 10 percent of $550 million, or $55 million. The actual amount is a 4.7 lodestar multiplier, according to an attorney, compared to the usual range of 1 to 4 multiples. The lodestar multiplier refers to the number of times the hourly rate would have to multiplied to make the total fee amount.

The $650 million settlement is being appealed on multiple grounds, according to the report. When Donato approved the settlement a year ago, he reduced the attorneys fees from the $110 million requested to $97.5 million.

After a series of arguments, the panel is considering the submissions.

Article Topics

behavioral biometrics  |  biometric data  |  Biometric Information Privacy Act (BIPA)  |  biometrics  |  California  |  CCPA  |  commercial applications  |  data protection  |  Facebook  |  legislation  |  privacy