Does Facial Recognition violate privacy laws? Tag Archives

August 27, 2019

Employers Need Permission to Collect Biometrics

Employers who collect fingerprints, face scans, or other biometric information such as retina or iris scans from employees or customers would be well-advised to ask permission and explain their purpose for collecting this data. If they don’t, they could be legally liable.

That’s in the wake of a relatively liberal interpretation of the Illinois Biometric Information Privacy Act (BIPA), which regulates the handling of biometric data, from the Illinois Supreme Court. The result of the ruling is that state-level lawsuits have greater latitude than those filed in federal court—but even suits dismissed at the federal level can sometimes be refiled in state court. The law remains in flux when it comes to what, exactly, constitutes biometric data. Photographs are not considered biometric identifiers, for example, but a software application that collects facial scans could be—and even federal courts have allowed for relatively broad interpretations on this front, mindful of the galloping pace of technological advances.

The Illinois Supreme Court in January defined an aggrieved person as anyone whose information is collected without their consent or knowledge, even if they were not harmed in the process, in the case Rosenbach v. Six Flags Entertainment Corp. (2019 IL 123186), issued on January 25 of this year and previously detailed on this blog. This means employers are liable for $1,000 in damages for each negligent violations and $5,000 for each intentional violations. For example, if an employer fingerprints employees each day as they check in and out of the office, and does not notify employees of the collection and storage of these fingerprints, the business could be fined $2,000 per day per employee. Perhaps not surprisingly, at least 90 class-action lawsuits alleging violations of BIPA have been filed since January in Illinois state courts.

July 30, 2019

Do You Have the Right to Say No to Facial Scanning at the Airport?

by George Bellas

You might not realize it’s happening, and you definitely might not realize you have the right to object. But when you enter an airport in 2019, it’s possible that your airline—or the federal government—are scanning images of your face for their security-related purposes.

Say No to Airport Facial Recognition

This facial-recognition technology can be used during check-in, baggage drop, security and boarding. For the most part so far, it’s mostly only been deployed for international flights, to confirm passenger identity at the behest of Customs and Border Protection. But airlines and the Transportation Security Administration are considering doing so for domestic flights, as well.

March 12, 2019

Six Flags Biometrics Suit Should Raise Red Flags for Businesses

by George Bellas

After a teenage boy was fingerprinted without written consent when he purchased a season pass to Great America, his mother sued Six Flags for violation of the Illinois Biometrics Act. In January the Illinois Supreme Court unanimously found that plaintiffs can bring a private cause of action for violations of the state’s biometric privacy law’s notice and consent requirements, even if they can’t show any harm.

The court found (Rosenbach v. Six Flags Entertainment Corporation) that individuals have control of, and a right to privacy over, their biometric identifiers, such as voice samples, retina scans and facial geometry, in addition to fingerprints. Because neither the son nor the mother consented in writing nor signed a written release for the taking of the fingerprint, and because Six Flags did not provide documentation about how long they might retain the data before destroying it, the court found the theme park violated these rights.

This decision underscores the fact that biometric privacy is quickly becoming an area of the law with greater application for businesses—and that they need to start paying attention, particularly as technology ramps up to a whole new level with the advent of microchips. About the size of a grain of rice, these chips have been voluntarily implanted in the hands of employees at several companies and work like a card reader, providing the ability to open doors, get into company accounts and order from company vendors.

December 17, 2017

Is Facial Recognition Technology an Invasion of Privacy?

by Bellas & Wachowski - Attorneys at Law

The burgeoning science of biometrics both excites and unnerves people, the subject of both a razzle-dazzle upgrade in the new iPhone X and a growing body of privacy-related litigation in Illinois stemming from the 2008 passage of the Biometric Information Privacy Act.

That law requires companies using biometric data—which includes facial scans, fingerprints, iris scans and any other identification data except for a person’s name and demographics—to obtain a consumer’s consent to use the data, explain how it will be used, and tell them how long it will be retained. The consumer must sign a written release acknowledging this.

Companies and other organizations that violate the terms of that release can be and have been sued under the law, which is designed to protect individuals against the risk of identity theft in financial transactions and security screenings. Biometrics are considered a better security risk than even a Social Security number, since that can be changed; but they’re also a greater risk for individuals since they’re biologically unique and once compromised leave a person permanently vulnerable.