Opposition gathers but biometric privacy laws grow
Forces for and against biometric information protection laws in the United States remain stalemated in a position that favors proponents by a vulnerable margin.
The state of Illinois remains the battle’s focus if for no other reason than its landmark 15-year-old Biometric Data Protection Act is alone among the states regulating biometric privacy that gives consumers the right to sue over violations.
Any private organization in the state must get express consent and explain their management policies for the data before collecting.
BIPA also lets plaintiffs sue for each time a business has required a biometric scan. A number of Illinois employers, as it happens, have been collecting finger and face scans at their time clocks, which could lead to decisions that could force a company to close.
But even as talk gets louder among businessowners about defanging BIPA, state Democrats have written a provision into an unrelated bill to increase the minimum penalty for violations. Right now, BIPA imposes a $1,000 fine for each negligent violation or $5,000 for each willful or reckless violation.
The states debating or operating under some version of a biometric privacy law include: Vermont, Tennessee, New York (which has considered multiple versions at a time), Nevada, Maine, Mississippi, Minnesota, Massachusetts, Maryland, Hawaii and Arizona.
Naturally, opponents of the idea are fighting in any state even considering related legislation.
Maine, which historically has run conservative/independent, is being governed by a slight liberal majority, is considering their own version of BIPA, according to a news service owned by Charter Communications, a communications company.
It also would allow consumers to sue for violations. Where consumers cannot sue, they must petition their state’s elected attorney general, which narrows the flow of suits and can put the politicians in a compromised situation where they have accepted campaign support.
In the state of Nevada, representatives of the Computer & Communications Industry Association last week testified against a health and biometric data privacy bill before a commerce and labor committee. The bill would require consent and public posting of data management policies.
The association’s position is that consumers have benefitted little from such laws and the suits reward trial lawyers for filing cases.
BIPA proponents say that is arguable until someone breaches a biometrics database and consumers find out belatedly that they were in they are compromised permanently.