FB pixel

Illinois considers how best to neuter its landmark biometric privacy law

Illinois considers how best to neuter its landmark biometric privacy law
 

Lawmakers in the U.S. state of Illinois finally are debating a viable way to save businesses using biometric scanners mountainous fines when they violate local data privacy law.

But pols think they have a way to also protect people’s identifiers from being misused in ways that would disadvantage them for life.

Ever since the first huge fines were handed down as a result of Illinois Biometric Information Privacy Act class actions, the question has been asked: When will politicians act on growing business frustration and even anger? The Illinois statehouse is as adept at currying favor from moneyed interests as any other government, if not moreso.

BIPA was enacted (and ignored) in 2008 to give people more control over their identifiers in business transactions. The law forced businesses to get express consent before collecting any biometric data from a person and to explain how the data will be managed.

But, crucially, the legislature and state courts have given people the right of private action and allowed fines of $1,000 or $5,000 for every time a non-conforming scan is recorded. They can also sue for actual damages.

Large employers in Illinois who have used a fingerprint scanner to track employees’ time have paid hundreds of millions of dollars in fines and one restaurant chain could face billions of dollars in fines.

Of course, BIPA has been around, sometimes, for decades before a biometric time clock was installed at most businesses. Even observers sympathetic to businesses have a hard time explaining how companies got themselves into their situation.

The new language so far has made it out of committee in the upper house.

Senate-crafted additions to the language of BIPA are not many but they are major and there’s a good chance they will be reviewed widely.

People could sue only for the first time they were the victim of a private entity violating the law.

That would limit payouts by orders of magnitudes smaller, possibly making them less attractive to attorneys and would-be plaintiffs. Even now, individual plaintiffs rarely take home more than $1,000 if their case is won.

Also, the bill would create a big, so-far vague loophole. A private entity wielding a biometric scanner would not need consent if it does so for security, if the identifier is used only for security, the data is held no longer than reasonably necessary for a process and a schedule for deletion is documented.

That noted, the legislation specifically calls out biometric time clocks and locks. They would be immune to the updated BIPA if they produce mathematical representations of biometric identifiers (templates) rather than images.

Assuming the relative strength of encryption algorithms holds, employees should be better protected against misuse of their identifiers.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics cutting the line of in-person payments innovations: Mastercard

Mastercard sees biometrics for in-store payments as a part of a broader shift towards seamless interactions of all kinds, as…

 

Innovatrics cuts fingerprint error rate by 20%, upgrades SmartFace platform

Innovatrics has reported its best-yet scores in NIST’s fingerprint biometrics testing, and added a new feature to its facial recognition…

 

Canadian cruise terminal gets Pangiam face biometrics for ID verification

The Vancouver Fraser Port Authority and U.S. Customs and Border Protection (CBP) have joined forces to implement face biometrics for…

 

Atlantic Council stresses importance of DPI, data for stronger digital economies

The Atlantic Council has highlighted the importance of digital identity and digital public infrastructure (DPI) in birthing and growing strong,…

 

Sri Lanka extends bid deadline for national digital ID project

The Government of Sri Lanka has extended the deadline for the submission of bids for the procurement of a Master…

 

Rights groups urge Clearview plaintiffs to opt out of settlement

Activist groups in California are urging members of a class action against Clearview AI to reject the settlement recently agreed…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events