FB pixel

U.S. states follow BIPA with biometric data privacy proposals

Illinois courts still sorting out what counts
U.S. states follow BIPA with biometric data privacy proposals

Florida’s House of Representatives has passed a bill to establish a data privacy bill in the state with a right of private action, by a 103-8 vote, the Ormond Beach Observer reports.

If passed by the Senate and signed into law, HB 9 would require companies that have over $50 million in annual revenue or handle the data of 50,000 people to provide notice to consumers about their practices when collecting their personal data.

The bill does not specifically refer to biometrics, but the Associated Industries of Florida warned that it could bring in major compliance, operation, and litigation costs for companies in the state.

Similar legislation proposed in Maryland could further complicate the compliance landscape for biometrics use in the U.S., writes David Oberly, who recently joined Squire Patton Boggs, for Law360 (subscription required).

Kentucky’s HB 32 and Maryland’s HB 259, also known as the Maryland Biometric Identifiers Privacy Act, each specifically target biometrics, and Oberly notes that Maryland has made multiple attempts in previous sessions to pass legislation modeled on the country’s most impactful biometrics regulation, Illinois’ Biometric Information Privacy Act (BIPA).

Each proposal includes informed consent requirements, retention rules, restrictions against selling or sharing biometric data, and crucially, a right of private action.

The Maryland legislation was cross-filed with SB 335. The Kentucky proposal, however, was withdrawn on February 28, leaving its future in doubt.

A guide to biometrics regulations around the world produced by law firm Eversheds Sutherland shows the gradual creep of laws restricting and placing conditions on the use of the technology.

The ‘Global Biometrics Guide 2022’ covers BIPA (more on that below), as well as reviewing the regulatory conditions for biometrics in the UK and the EU, Asia and the Middle East.

BIPA limitations, exemptions weighed

The Illinois Supreme Court rejected an appeal from BIPA plaintiff Ring Container Technologies, which sought to limit the scope of the class action against it, writes the Cook County Record.

The statute of limitations for the BIPA suit, alleging informed consent-related violations by an employee time and attendance system, like so many other cases brought under the law, should be limited to two years based on workers compensation rules, rather than the five year limit that has been applied in other cases.

Ring Container appealed to the State Supreme Court to hear its case before the similar Tims v Black Horse Carriers statute of limitations question, on grounds that its case includes multiple potential statutes of limitations, as opposed to the sole limitation in question in the latter case. The court declined to hear the appeal, however, with no dissent and no explanation.

A lawsuit against Point-of-sale system vendor Signature Systems over alleged violations of Illinois biometric data privacy law will be heard in U.S. District Court, Bloomberg Law reports, after it was approved by the judge.

Judge Mary M. Rowland of the Northern District of Illinois denied a motion to dismiss the case, ruling that plaintiff Ronesha Smith satisfied the requirements to claim violations under the BIPA.

The defendant allegedly violated BIPA by failing to publish a data retention and destruction policy and also to obtain written consent before the plaintiff’s fingerprint biometrics were scanned by one of its PoS systems.

The federal Health Insurance Portability and Accountability Act of 1996 does not exempt hospitals and other healthcare providers from BIPA, an appeals panel has ruled, according to a separate Cook County Record report.

A pair of nearly-identical appeals from a handful of healthcare organizations were rejected by the First District Appellate Court, which found that BIPA’s language makes clear that only patient data already protected under HIPAA is excluded.

Labor agreement can trump BIPA, however, as an appeals panel granted a motion dismissing a class action brought by union members. Under the federal Labor Management Relations Act, collective bargaining agreements pre-empt BIPA, the Seventh Circuit panel found, according to the Cook County Record.

Meanwhile Macy’s has appealed a denial of its motion to dismiss its inclusion in a biometric data privacy case against Clearview AI. Law Street writes that the retailer argues the same logic could be applied to pull any of Clearview’s hundreds of other possible customers into the lawsuit as defendants. The company also argues that the consideration of BIPA cases with those filed under New York and California statutes could cause jurisdictional conflict.

Article Topics

 |   |   |   |   |   |   |   |   | 

Latest Biometrics News


Anticipation for Metalenz and Samsung’s answer to Face ID mounts

After Samsung and Metalenz collaborated to incorporate Samsung’s Isocell Vision 931 image sensor into Metalenz’s Polar ID imaging technology, Mashable…


Germany beefs up border security ahead of UEFA Championship

Germany has been ramping up security measures such as border checks and CCTV surveillance in preparation UEFA European Football Championship…


Inverid and Cybernetica team up to secure digital ID, signatures with biometric MFA

A new partnership has been formed by Inverid and Cybernetica to combine the NFC ID document-scanning capabilities of the former…


Vision-Box unveils new Service Design platform for travel experience enhancement

Vision-Box, an Amadeus company known for its biometrics-based travel offerings, has introduced its latest service innovation: Service Design, which aims…


Moldova’s first digital ID app sees 24K downloads in five days

Moldova’s first digital identity wallet was downloaded over 24,000 times within the first five days, causing temporary glitches due to…


Australia and Japan showcase cross-border verifiable credentials

In recent years, Australia and Japan have both launched digital identity initiatives allowing their citizens to verify themselves online. The…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events