FB pixel

Apple wins US biometric privacy case on appeal

On-device data does not trigger BIPA requirements
| Jim Nash
Categories Biometrics News  |  Consumer Electronics  |  Mobile Biometrics
Apple wins US biometric privacy case on appeal
 

In a biometrics-bound lawsuit decision more noteworthy for the name of its defendant than precedent, Apple has prevailed in a state of Illinois Biometrics Information Privacy Act case.

A state appellate court just before Christmas said that Apple does not violate BIPA by offering owners of its mobile devices the ability to unlock the operating system using their fingerprint or face.

The case was brought by David Barnett, Ethel Burr and Michael Henderson in Cook County Circuit Court. It was dismissed in January 2022 and appealed, according to legal news publication Cook County (Ill.) Record.

The matter could still be heard by the state supreme court. There also is an outside chance that a case can be made that software updates by Apple confer some ownership or control. This was not decided here.

It is not a shocking appellate decision and likely will have zero impact on other BIPA cases in the works. If anything, the decision shows businesses how to comply with the law and still legally sell biometric features and services.

Apple never collected, stored or managed the data collected by Touch ID and Face ID, functions that protect mobile Apple products from illicit access. Device owners do the scanning (or they can choose to use other access-control features) and the biometric data is stored nowhere but on their device.

Apple has no role in how the biometrics are managed, including when they are deleted.

The case could allow biometric technology providers like FaceTec, which provides algorithms to clients to process data on their own servers, to argue that they are not subject to BIPA’s requirements. The ruling could also protect on-device implementations such as those based on FIDO.

In every successful BIPA case to date, one or more companies required a person to be biometrically scanned, stored the data, used it for profit, managed the data (including sharing and/or selling it) or all of the above. They did not, however, get express permission to scan and manage or clearly state their intensions for the information or their policies for managing the data.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

UK watchdog warns of legal risks as London police deploy LFR at protest

London’s Metropolitan Police will deploy live facial recognition (LFR) technology at a protest for the first time this weekend, prompting…

 

Age assurance debate arrives in Bangladesh

The dominos continue to fall in the game of global online safety legislation targeting social media platforms. Bangladesh is weighing…

 

Et tu, browser? Security experts ring bell over browser fingerprinting

Your web browser wants you to think it’s on your side. It’s your helpful window into the online universe, and…

 

Suprema’s BioStation 3 Max supports on-device biometric credential storage

Suprema has launched BioStation 3 Max, a biometric access control terminal that combines AI-powered facial recognition, fingerprint authentication and hardened…

 

NIST, Air Force move to sole-source biometric testing and monitoring contracts

The National Institute of Standards and Technology (NIST) and the U.S. Air Force Academy are pursuing separate sole-source contracts tied…

 

AI fraud crackdown risks locking blind users out of biometric identity systems

Government identity verification systems are increasingly locking blind and low-vision (BLV) Americans out of essential services as agencies deploy stricter…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis and Buyer's Guides

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events