BIPA Amendment Put on Hold After Backlash from Privacy AdvocatesJune 2, 2016 | Articles
A recent article in DataGuidance reports that a proposal to amend Illinois' Biometric Information Privacy Act (BIPA) has been put on hold.
BIPA's provisions authorize consumers to pursue statutory damages for unlawful collection and storage of biometric identifiers. The law has served as the basis for a number of class-action suits against tech giants Shutterfly, Facebook, and Google for their use of facial recognition technology without the written consent of consumers.
In what many suspect is a response to aggressive lobbying efforts by social media companies, Illinois Senator Terry Link introduced an amendment to narrow BIPA's scope to encompass only in-person scans. The exclusion of photographs from BIPA's language contradicts all logic and would leave consumers with no line of defense against the unrestrained use of their most personal and unchangeable information.
Senator Link recently shelved the proposal. CRMG partner David P. Milian, representing plaintiffs in the firm’s class-action biometrics suits, discussed the latest development with DataGuidance:
"We suspect that the proposed Amendments were introduced in an effort to immunise Facebook, Google, and others, from liability in the lawsuits they are facing. That's because two federal courts have looked at whether BIPA regulates facial recognition technology as applied to uploaded photographs (in cases against Shutterfly and Facebook) and both federal courts have held that the statute unambiguously regulates the activity. It appears that the proposed Amendments are an effort to achieve through new legislation what these social media companies have been unable to achieve through the courts. Absent a retroactively applied amendment to BIPA, the pending lawsuits against Facebook and Google should proceed to trial.
An 'in person scan' using a 'detector' or 'electronic beam' is not how companies are actually obtaining consumers' biometric data in the real world. If the intermediation of a photograph excused all subsequent processing into a biometric identifier, as the Amendments would have done, then practically all biometric data gathered and stored against consumers' wishes would be free from regulation and thus wholly permitted. Simply stated, the Amendments would have entirely swallowed the rule against unauthorised collection of biometric identifiers, rendering the statute and its promises of protection entirely hollow.
Obtaining consumer consent after full disclosure is the key to compliance with BIPA. Going forward, I would hope that companies begin to disclose their practices and obtain express consent before taking consumers' biometric data. I think those who side with consumers and privacy interests would agree that the Illinois legislature got it right in 2008 when it enacted BIPA. The statute should not be amended so that it becomes wholly inapplicable to the most compelling case for its application."
Read the full article on DataGuidance here.