FB pixel

Could the right to sue remake US biometrics privacy lawsuits?

Could the right to sue remake US biometrics privacy lawsuits?

The provision in the U.S. that seems to be the biggest stumbling block for states trying to enact comprehensive biometric privacy laws is private right of action.

More state legislators were attracted to the issue of biometric privacy rights in 2023 than ever before, but many proposed bills have stalled or died in committee. All of those efforts carried core language first written in the state of Illinois 15 years ago when the landmark comprehensive Biometric Information Privacy Act became law.

Common are provisions that exempt any health care-related data, fines of $1,000 to $5,000 per violation, informed consent mandates and profiteering prohibitions.

(“Per violation” is appears in all them and few if any spell out that phrase. Defining it will save or cost defendants dearly.)

A private right of action means that individual private citizens can sue for violations or band together in class actions. The alternative to this in passed and pending legislation is giving a state’s attorney general sole authority to sue over biometric data abuses.

Business would rather no one be able to sue them at all, but the attorney general route is the preferred of the two because they can lobby AGs, who are elected, to remain passive or to cherry-pick cases to reduce their impacts if they lose. Also, they can also dissuade potential plaintiffs by collecting damages and putting them in state coffers rather than people’s hands.

What really has enraged some in the Illinois business community over BIPA is right of action. (Some proposed state laws allow for both private and state lawsuits.)

This enables anyone to sue for damages, and is coupled with “per violation” language in bills, which in the case of BIPA, has been defined as every illegal biometric scan. The result has been some comparatively huge awards in class actions.

An association of entrepreneurs, startup venture capitalist and policy analysts called Engine wrote a report this year about patchwork privacy legislation. Group members are unhappy. They would rather there be a single federal law governing this sector of the economy.

Compliance would be easier and cheaper that way. It also is easier and cheaper to try to influence one law than 50 (more likely a multiple of 50) state biometric laws, both comprehensive and sector like health care).

Engine analyzed policies in five states that have enacted comprehensive biometric privacy laws – California, Virginia, Colorado, Connecticut and Utah.

Four of the five offer no private right of action. The fifth, California, enacted a limited right.

Correlation is not causation, of course, but it is significant that one of the hated provisions of BIPA, right of action, is found far more often in unenacted laws than in successful legislation.

Arizona’s latest bill offered private right of action. As did work by Hawaii, Maine, Maryland, Missouri, Minnesota, Mississippi, New York, Tennessee and Vermont.

Notably, Kentucky has crafted a related bill that includes a right of action, but an amendment has been proposed that would remove it.

Taken together, these state-level bills could dramatically impact how biometrics are deployed and regulated across the United States as soon as 2024.

Article Topics

 |   |   |   |   | 

Latest Biometrics News


Digital identity leaders shepherd wallets into the mainstream

Discussion and debate at the European Identity and Cloud (EIC 2024) conference focused largely on how to achieve trust among…


Suprema, Strata Identity, Gunnebo gain security certifications

Recent certifications for Suprema, Strata Identity, Gunnebo and ISS reflect the broader industry trend towards stringent information security measures, ensuring…


Biometrics entering everyday activities via rising technologies

Biometrics underpin the new technologies that people will soon use on a daily basis for everything from payments to age…


Anticipation for Metalenz and Samsung’s answer to Face ID mounts

After Samsung and Metalenz collaborated to incorporate Samsung’s Isocell Vision 931 image sensor into Metalenz’s Polar ID imaging technology, Mashable…


Germany beefs up border security ahead of UEFA Championship

Germany has been ramping up security measures such as border checks and CCTV surveillance in preparation UEFA European Football Championship…


Inverid and Cybernetica team up to secure digital ID, signatures with biometric MFA

A new partnership has been formed by Inverid and Cybernetica to combine the NFC ID document-scanning capabilities of the former…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events