Pindrop exempted from biometric data privacy lawsuit
Several finer points of biometric data privacy regulations have been raised in different court proceedings, with one leading to claims against a biometrics developer being dismissed. As usual, most of the litigious action is in Illinois.
Pindrop counts as a financial institution under the Gramm-Leach-Bliley Act when it is authenticating customers of investment and insurance firm John Hancock, and is therefore exempt from requirements under Illinois’ Biometric Information Privacy Act, a federal judge has ruled. That means claims against the voice biometrics provider as part of a suit involving Amazon Web Services have been dismissed, as reported by Law360.
The same decision was previously made about DePaul University, which like Pindrop is subject to regulation under Gramm-Leach-Bliley.
A single claim against AWS, which argued that it was exempt because it was acting as a service provider for financial institution John Hancock, will proceed. BIPA does not include service providers to financial institutions, only financial institutions themselves, Circuit Judge Stephanos Bibas found.
Blacklist adds a layer
Patronscan is accused of violating an Illinois law by collecting the biometrics of end-users without informed, written consent, and further by sharing that data with its customer network, reports Law360.
A woman attending a concert in Chicago had her face and driver’s license scanned with Patronscan technology, and Canada-based Servall Biometrics, which operates the Patronscan brand, compared the data to a blacklist, according to the complaint.
Patronscan also allegedly did not make clear which data retention policy applies to the plaintiff, also a violation of the Biometric Information Privacy Act.
Lensa BIPA’s latest
The use of customer biometrics both to edit photos and to train a neural network to edit photos by Prisma Labs’ Lensa AI app is the subject of a new lawsuit alleging BIPA violations, as reported by Bloomberg Law.
The training data was used to build a commercial algorithm, rather than for research or other altruistic purposes, according to the complaint. It was filed in federal court, as the potential class exceeds 100 members and potential damages could surpass $5 million.
Amended complaint still fails, CVS says
CVS, meanwhile, argues that a suit against it should be dismissed on grounds that the complaint does not allege the software it uses can identify the defendant.
Law360 reports that the distinction CVS makes is between face detection, which is a capability used by its software, and identification, which is not. While the plaintiff argues that by collecting personal data as part of the photo system, the software can identify individuals, CVS denies this.
Plaintiffs’ complaint was amended to include the collection of names and contact information by the Kodak Biometric ID Photo System kiosks in response to a December judgement that it previously failed to provide “the most foundational aspect of a BIPA claim.”
Meta and Texas argue over whether access constitutes disclosure
Texas’ Attorney General believes Meta disclosed biometric data to entities, possibly including its subsidiaries, that it has not yet admitted to, according to another Law360 report.
Meta says in a legal filing that the list it provided to the State of Texas of entities it “disclosed” biometric data of state residents to is complete, and that the State is attempting to move the goalposts by demanding the inclusion of entities that “accessed” the data.
The filing was in response to a second motion to compel the disclosure of information on the same topic.