The new iPhone X uses facial recognition instead of a thumb print. That is cool, right?
Not so fast. Facial recognition software is just one of a group of metrics that is referred to biometrics, which includes facial scans, fingerprints and iris scans and all verification or identification data excluding the individual’s name and demographics. And there are serious privacy concerns with the use of this biometric data.
What makes this more interesting is that Illinois has a very strict law about the use of this data. The Illinois Biometric Information Privacy Act was adopted in 2008 and requires companies using biometric data to get the consumer’s consent to use the data and to explain how it will be used and how long the data will be retained. And, it gives consumers the right to sue the companies for using the biometric data. It is this penalty which is promoting a number of suits that have been filed in Illinois regarding the use of the biometric data.
What’s the big deal? The Illinois law was passed to protect against the risk of identity theft resulting from the use of biometric data in financial transactions and security screenings. Biometric data is considered to a better security measure than your Social Security Number of passwords, which can be changed. But that’s not the issue.
The issue is that companies who collect the data must inform the consumer in writing as to how the data will be used and how long they will retain the data. The consumer must give the collector of the data a written release.
Businesses which use this type of data include Facebook, Google, Shutterfly, Six Flags and Snapchat, all of which are rich targets for lawyers.
Employers might have a problem with biometric data. For example, employers who use biometric information for timekeeping purposes have a problem unless the employees allow the use of the data and for the length it will be used. Employers have been a fertile field for class actions which allege a violation of the Illinois law. If your business is using this type of data in its business, the policies as to the use must be evaluated and reviewed with your corporate attorney.
As for the new iPhone X, the thumb print has been replaced with a “Face ID” which uses facial recognition tech to make your face your new password. The data is collected by Apple, and there needs to be some protection of the data for consumers. Apple has a good record on privacy protection, but the real problem is with the many apps on the iPhone and will use Face ID in their apps. Apple is still working on methods to protect consumers personal data. Illinois law gives local consumers some protections, but the rest of the country has not yet caught on to the privacy concerns.
This is a developing area of law that needs to be fully addressed before business owners decide to jump on the facial recognition bandwagon.