Consent legislation progresses in California; biometrics would be reined in

Two California privacy, bills both of which give citizens more rights over their biometric identifiers, are moving toward a vote.

The first piece of legislation, Senate Bill 1189, would require private entities (but not government agencies) to get opt-in consent in order to collect biometric data. It was referred to the Judiciary and Appropriations committees and is scheduled for a committee hearing April 5.

It could become law in September.

Senate Bill 1172 is more specialized. It would restrict the biometric information that automated proctoring software makers can collect from test takers.

S.B. 1189 would not bar a private entity from collecting and using someone’s biometric data. It would, instead, require those entities to get written consent from a person before any biometric identifier is collected.

An organization wanting the data would need a valid business purpose for harvesting the information as well as retention and destruction policies. The entity also would not be able to profit from disclosing the data collected.

People feeling they were wronged would have the right to sue for compensation. And consumers would not receive more favorable terms than those who do consent.

Those successful in suing could be awarded statutory damages of $100 to $1,000 per violation per day, actual and punitive damages and attorney fees.

There is more than a passing resemblance to Illinois’ battle-worn Biometric Information Privacy Act.

Meanwhile, proctoring software makers are watching S.B. 1172, or the Student Test Taker Privacy Protection Act. The legislation is also due for a committee hearing April 5.

Not unlike S.B. 1189, this piece of lawmaking narrows the biometric data — in this case information collected by proctoring service firms — that can be collected after informed consent is signed by a student or guardian.

One of the goals of the bill is to prevent proctoring software makers from harvesting more data than is required to register for a test. Backers also want to give test-takers the right to opt out of the sale of their data at any point.

California is already among the states most protective of its residents’ data, through its California Consumer Privacy Act.

Article Topics

biometric data  |  biometric identifiers  |  biometrics  |  California  |  data collection  |  data protection  |  legislation  |  privacy  |  remote proctoring