September 03, 2019 Feature

Growing Patchwork of Biometric Privacy Laws

Court lowers bar for standing, interpreting "aggrieved person" broadly

By Kristen L. Burge

Fingerprints, retinal scans, and facial recognition software offer additional security measures and efficiency for consumers. But unlike a password or barcode, biometric identifiers cannot be changed in the event of a breach.

A patchwork quilt of biometric privacy laws are stitched together across the nation

A patchwork quilt of biometric privacy laws are stitched together across the nation

Photo Illustration by Elmarie Jara | Edited by Genuine Pyun | Getty Images

As businesses gravitate toward biometrics, states grapple with how best to protect individuals’ biometric privacy. Illinois was the first to enact a comprehensive framework regulating the collection, use, storage, and disclosure of biometric information—the Biometric Information Protection Act (BIPA). To date, it is also the only biometric privacy statute to grant “aggrieved persons” a private cause of action. That, in turn, has raised questions regarding whether the law applies to individuals and companies outside the state, and whether plaintiffs must show actual harm from the statutory violation—often a key point of contention in privacy suits generally.

Premium Content For:
  • Litigation Section
Join - Now