Sedona Conference rolls out primer on biometric systems and privacy law

The window for public comment on the Sedona Conference’s U.S. Biometric Systems Privacy Primer closes on April 8, 2024. Released in February and covered in a webinar on March 28, the document is intended as an introduction to biometric systems and the law for judges, lawmakers, government regulators, and attorneys advising organizations considering the use of biometric systems, says a press release from the Sedona Conference.

Per the release, the Primer “catalogs the primary benefits and risks of biometric systems in neutral terms to allow readers to balance the factors and make informed decisions,” summarizing existing biometric systems laws in broad terms to factor in rapid changes in biometric technology and policy. It was drafted by a group of attorneys who represent both plaintiffs and defendants in privacy and data breach suits, in consultation with technologists. A large part of the process involved reconciling inconsistent definitions of “biometric systems,” to bring technical conversations in line with legal frameworks.

Aimed at a general audience of legal professionals, the Primer is a useful reference for anyone looking to understand biometrics in a legal context. It covers the design and architecture of biometric recognition systems, with detailed sections on specific modalities; benefits and drawbacks; and an overview of the U.S. biometric privacy legal landscape.

A strong theme is the need for adaptability in a market and regulatory environment that is evolving daily. “The rapid evolution of the legal landscape in this area means that any summary of existing laws risks becoming outdated even before it is published,” says the Primer. It notes the prevalence of laws that “do not entirely prohibit the private use of biometric technologies and/or collection, storage, and use of biometric information,” but instead “impose varying notice, consent, storage, and security requirements and limits on the sale, disclosure, and reuse of biometric information.”

Put another way, biometric tech is generally allowed, but regulated – increasingly so, on both counts.

Another noteworthy conclusion of the Primer’s drafting committee is the importance of prioritizing privacy and fairness in biometric deployments. “In general, organizations that are selecting or designing biometric recognition systems should consider how best to protect individual privacy when the biometric data is collected from subjects, when the biometric data is used for its intended purpose, and at any subsequent decision point when new purposes are considered,” it says. “Each of these steps represents distinct moments of risk and may have different answers.”

“Organizations should also consider how their systems may directly or indirectly discriminate against different demographic groups.”

The U.S. Biometric Systems Privacy Primer is available free to download here.

Article Topics

biometric data  |  biometrics  |  data privacy  |  data protection  |  legislation  |  Sedona Conference