Biometric Data Pushes Privacy Law Progress
Biometric recognition is becoming increasingly common. Fingerprint scanning capabilities are seen on more smartphones, and airports are using fingerprint and facial recognition technology to identify people. Home security cameras can learn to recognise frequent visitors, and Sony’s robotic dog Aibo learns who individuals are, and then reacts to them differently.
This is a brave new world indeed, and just as with so many other aspects of technology, our legal frameworks are playing catch-up. Regulation of Artificial Intelligence has been called for to ensure that the machines benefit our lives, and not the other way around. In a similar vein, companies and advocacy groups are asking for rules regarding the protection of biometric data privacy.
Regulations in Different US States
The strictest regulations so far, in the United States, are in Illinois. Here, the Biometric Information Privacy Act, or BIPA, has been enforced since 2008. The stated goals are to regulate how “biometric identifiers and information” are collected, used, protected, handled, stored and destroyed.
The so-called identifiers are defined as iris, hand, retina and face scans, as well as fingerprints and voiceprints. The BIPA says that companies and individuals need a person’s informed, written consent before using their biometric data.
Laws have also been passed in Washington and Texas. A 2009 law in in the Lone Star State describes biometric identifiers in almost exactly the same way as the BIPA, and also stipulates the need for informed consent from an individual before this information is used. New Hampshire, Michigan, Montana and Alaska are also all working on their own legislation in this area.
Significantly, data of this kind can be used for governmental or federal reasons. In Washington, the 2017 House Bill 493 explicitly omits this information, when used under the 1996 Federal Health Insurance Portability and Accountability Act, from its definition of biometric identifiers.
Company Compliance Called In To Question
Organisations are adopting their own approaches to obeying data privacy regulations. Sony has elected to simply not sell Aibo in Illinois, while Nest sells their Cam IQ Indoor security camera with the facial recognition capabilities disabled in that state.
Non-profit group the Electronic Frontier Foundation, which advocates for digital privacy, says state-wide regulatory measures are important. Adam Schwartz, a senior staff attorney for the group, has cautioned against the “normalisation” of obtaining and using biometrics in everyday life. Having access to that kind of data on people brings a lot of power and, as always, that comes with great responsibility.