Increasingly, there has been a trend of people using biometric authentication, such as fingerprints and facial recognition to improve the security on their devices. However, many people are concerned that this data is being used without their consent by tech companies. Hence why some states are passing laws that require tech companies to ensure that their privacy is secure.
In 2008, Illinois passed its Biometric Privacy Act of 2008 (BIPA). Considered to be one of the most stringent laws of its kind in the country. The law requires informed and written consent by the customer before a company is allowed to collect certain data such social security and facial recognition. “BIPA creates a private right of action for a person aggrieved by a violation of the statute, with damages ranging from liquidated damages of $1,000 or actual damages for a negligent violation (whichever is greater), to liquidated damages of $5,000 or actual damages for an intentional or reckless violation (whichever is greater).”
Laws like this can lead to suits where companies have to prove they are collecting it correctly. In Illinois, a family sued Six Flags because they fingerprinted a 14-year-old without anyone’s consent. Six Flags argued it couldn’t be held liable unless the plaintiff demonstrated a tangible injury from the unauthorized collection, often a difficult task in privacy lawsuits. If successful, Six Flags would have significantly limited BIPA’s power and made facial recognition much easier for companies like Facebook and Google. The Illinois Supreme Court however disagreed, arguing that this comes into effect with as little as violating their privacy.”
As biometric authentication begins to become popular for security, customers need to understand that they have a right to privacy. Most companies can’t legally collect the information without consent. This also applies to your own company, meaning that you have the right to protect yourself.