FB pixel

Privacy group says data protections by US states differ greatly

Privacy group says data protections by US states differ greatly

Looking at the rising number of biometric privacy bills being floated by U.S. states, some civil liberties advocates are concerned that too many lack substantive consumer data protections.

As it happens, two of those states, Illinois and Maine, are working on biometrics legislation. One is (so far, at least) a stake-in-the-ground bill but the other does not spare the printer paper in suggesting restrictions on the use of consumer identifiers.

In Illinois, birthplace of the landmark Biometric Information Privacy Act, some lawmakers have proposed the Digital Voice and Likeness Protection Act, which would be applied retroactively.

While it has only recently been introduced, the Voice and Likeness Act focuses on how to properly transact a deepfake agreement.

The legislation would make it illegal to create and use a deepfake for something that the subject would normally have done. And anyone wanting to use synthetic identifiers would have to be clear in disclosing all proposed uses of them. Last, the subject would have to be adequately represented in the transaction.

That’s just about all the act has to say at this point and, as such, likely would not be rated highly by EPIC, the Electronic Privacy Information Center. The advocacy group has issued a report critical of state privacy law efficacy.

Nonprofit public interest group the U.S. PIRG joined EPIC with the report. Privacy legislation is categorized differently in the industry, which likely explains why Illinois is not one of 14 states analyzed for the report.

Enacted laws in nine states received poor or failing grades in the report. Iowa’s effort was rated four out of 100. The top-ranked law was in California, and it scored a not-so-respectable 69.

Strong legislation, the groups say, must require data-minimization obligations. It has to regulate all uses of biometrics data and create strong civil rights safeguards. Strong regulatory and enforcement powers must be enacted. And consumers must be able to take violators to court.

Without a thorough analysis of Maine’s Voice and Likeness legislation, it is difficult to say how closely it hews with the report’s guidelines. But that’s only because the act is dense with rules, definitions and remedies.

It covers several categories of consumer privacy with a focus on protection of all biometric identifiers. It also addresses protections for children under the age of 18.

The core of the document would be familiar to anyone who has read Illinois’ BIPA. Consent is required. Retaliation against someone covered by the law who refuses to give consent is prohibited, and the like.

But the details for privacy are unusually deep. Companies would have to have privacy policies, design evaluations, retention schedules and algorithm risk assessments.

For example, companies would be required to “mitigate privacy risks, including substantial privacy risks, related to the products and services of the covered entity or the service provider, including in the design, development and implementation of those products and services, taking into account the role of the covered entity or service provider and the information available to it”.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News


FIDO Alliance introduces passkey Design Guidelines to optimize UX

New guidance on how to implement passkeys for optimal user experience have been published by the FIDO Alliance. FIDO’s Design…


Interpol exec calls for more biometrics sharing to combat cross-border crime surge

Speaking at a recent event in London, Stephen Kavanagh, executive director of police services at Interpol, warned of a “new…


NSW launches digital inclusion strategy consultation on equitable service access

The New South Wales (NSW) government has initiated a call to action for local communities, industries, community organizations, and government…


Could be 25 years before TSA gets facial recognition in all US airports

The Transportation Security Administration (TSA) foresees significant delays in implementing facial recognition across U.S. airports if revenue continues to be…


Single solution for regulating AI unlikely as laws require flexibility and context

There is no more timely topic than the state of AI regulation around the globe, which is exactly what a…


Indonesia’s President launches platform to drive digital ID and service integration

In a bid to accelerate digital transformation in Indonesia, President Joko Widodo launched the Indonesian government’s new technology platform, INA…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events