FB pixel

US states closely watching federal rule changes on biometrics

US states closely watching federal rule changes on biometrics
 

Amazon lost two notable biometrics arguments with a U.S. regulator this week, but they are miniscule compared to analyses that a new federal policy could enforce the most restrictive protections for privacy nationwide.

The last two biometrics cases decided before the Federal Trade Commission changed its privacy-policing guidelines involved Amazon’s Ring and Alexa biometric-recognition products. Amazon paid a combined $31 million to settle two allegations of unfair or deceptive business practices.

A judge must sign off on settlement and remediation recommendations.

The FTC sued the retail and infrastructure company for what commissioners say was unfair or deceptive in business practices involving face and voice identifiers. In particular, Alexa allegedly was recording children’s voices and geolocation data via Echo speakers, which are marketed for use by children.

In the case or Ring doorbells, commissioners alleged that Amazon employees and those of a Ukrainian contractor had unfettered download rights to Ring owners’ video feeds until 2017.

That news, however, is a point on a timeline. The new FTC policy, which could end up making the state of Illinois’ Biometric Information Privacy Act could become a de facto national standard.

BIPA requires companies doing business with Illinois residents to get express consent before gathering any biometric identifiers and telling customers how the data will be managed. [See Biometric Update coverage on BIPA’s growing influence.]

The impact of the law is large, especially for employers who have collected biometrics from all employees when they clock in and out of work, sometimes over years. Courts have interpreted the law to mean every violating collection can be illegal and subject to fine.

The FTC’s update of Section 5 of its charter is unrealistic and vague, according to an analysis of the law by a trio of lawyers from the law firm Faegre Drinker Biddle & Reath in trade publication Law360.

This is a larger problem than it might appear, according to the article. States today either require officials to hew to FTC policies or they do so out of practicality. In the absence of clarity about the meaning of unfairness in biometrics, states may go with the most conservative approaches and that is BIPA.

Following publication of this article Amazon provided the following statement to Biometric Update via email:

“At Amazon, we take our responsibilities to our customers and their families very seriously. Our devices and services are built to protect customers’ privacy, and to provide customers with control over their experience. While we disagree with the FTC’s claims regarding both Alexa and Ring, and deny violating the law, these settlements put these matters behind us.

We built Alexa with strong privacy protections and customer controls, designed Amazon Kids to comply with COPPA, and collaborated with the FTC before expanding Amazon Kids to include Alexa. As part of the settlement, we agreed to make a small modification to our already strong practices, and will remove child profiles that have been inactive for more than 18 months unless a parent or guardian chooses to keep them.

Ring promptly addressed the issues at hand on its own years ago, well before the FTC began its inquiry. Our focus has been and remains on delivering products and features our customers love, while upholding our commitment to protect their privacy and security.”

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Best biometrics use cases become clearer as ecosystems mature

Biometrics are for digital identity, socio-economic development, air travel and remote identity verification, but not public surveillance, the most-read news…

 

UK Biometrics and Surveillance Camera Commissioner role survives as DPDI fails

UK parliament will not pass data protection legislation during the current session, following the announcement of the general election in…

 

EU watchdog rules airport biometrics must be passenger-controlled to comply with GDPR

The use of facial recognition to streamline air passenger’s travel journeys only complies with Europe’s data protection regulations in certain…

 

NZ’s biometric code of practice could worsen privacy: Business group

New Zealand is working on creating a biometrics Code of Practice as the country introduces more facial recognition applications. A…

 

Demonstrating value, integrated payments among key digital ID building blocks

Estonia has achieved an enviable level of user-centricity with its national digital identity system through careful legislation and fostering collaboration…

 

Strata Identity launches uninterrupted identity services product

There are a few things that can be more annoying than your office computer logging you out of applications because…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events