It has been a bumpy ride of late in biometrics privacy and products
It might be a slow start to summer for some business sectors in the U.S., but not for biometrics privacy.
The trajectories of three lawsuits and proposed legislation have changed and while only one of those court decisions is final, the others are not insignificant events for the litigants.
Starting with the legislation, a biometrics bill sits ready to be signed by the governor in the state of Oregon.
SB619 is privacy legislation with detailed, though not comprehensive, protections for consumers and their biometric identifiers. It would not enshrine a consumer’s right to sue for violations, which many privacy advocates insist on, but rather makes people ask the state’s attorney general to act. Penalties could reach $7,500 for each violation.
Advocacy publication Consumer Reports says SB619 would add to legal descriptions of personal data that information linked to an electronic device. Editors of the bill have recommended its signing.
Businesses would have to get express consent before collecting information and state how it would be used and managed. However, it also has a confusing list of deadlines for data controllers.
But the law would also treat requests for information held by a controller like a credit score. Residents would be entitled to one free report every 12 months. After that, “a reasonable fee” can be charged for access when the status of data can change multiple times a second.
Meanwhile, it being a day ending in “y,” there is news from the state of Illinois involving its Biometric Information Privacy Act.
A federal judge hearing a privacy case (21-cv-03229) involving Microsoft and a pair of Uber drivers said this week that Microsoft could avoid a longer BIPA trial by invoking a contract provision between the drivers and Uber.
The provision requires claimants to take disputes to arbitration, not court. Settling an agreement through arbitration not only is far more likely to result in a smaller payout, but it’s also easier for vendors to control arbitration outcomes.
The Illinois drivers claimed that face scans they were required to participate in using Microsoft’ Face algorithm violated the privacy act, according to trade journal Law360. After two years of litigating the case, Microsoft apparently discovered that it had this get-out-of-BIPA-court-virtually free card.
Amazon, this week, was not as lucky as its frenemy Microsoft. Another Illinois federal judge popped the company’s balloon when he ruled it and some subsidiaries have to stand for a BIPA proposed class action (22-cv-5159).
Amazon is accused of violating the act by forcing its warehouse workers to have their faces scanned for their badges, according to Law360. Then, the plaintiffs say, the images and subsequent selfies were shared by Amazon, the parent, with Amazon.com Services and Amazon’s Web Services units without express consent.
Some of Amazon’s reasons for seeking a dismissal seem thin even to the non-lawyer eye.
Its lawyers said it was an “illogical” assumption that just because warehouses are covered by an intense net of cameras face scans would be used to identify workers. The plaintiffs say that the cameras surveil individuals including when and for how long someone is in a bathroom.
Then there is the tangentially related biometrics-patent infringement case that Apple won.
Software firm FaceToFace Biometrics in April 2022 sued Apple, alleging that the latter had stolen an emoji app from the former.
Apple’s app, on the iPhone and iPad, uses a person’s expressions to create cartoon avatars. The judge dismissed FaceToFace claim, saying it was “too abstract” to be eligible for a patent, according to trade publication Bloomberg Law.
Article Topics
Amazon | biometric identifiers | Biometric Information Privacy Act (BIPA) | data protection | face biometrics | legislation | Microsoft | Oregon
Comments