It’s been a busy week of regulatory news in the world of biometric and identity technologies. Here’s our roundup of some of the most important developments, including ongoing BIPA proceedings:
The FTC has issued an Advanced Notice of Proposed Rulemaking concerning the protection of consumers’ privacy online. The notice is the first step in an effort on the Commission’s part to take a greater role in regulating surveillance data security in the digital space. The FTC is requesting comment on a range of relevant topics, including whether it should consider limiting commercial surveillance practices that use biometric technologies.
Scotland is poised to implement a code of practice around the use of biometric technologies and data in policing and criminal justice. The regulations are expected to be presented to Scottish Parliament on September 7, and to take legal effect on November 16. A draft version of the code was passed by Parliament earlier this year without amendment.
New Zealand’s new Privacy Commissioner, Michael Webster, has issued a consultation paper requesting public comment on the use of biometric technology. Public feedback will be collected until September 30, and the Office of the Privacy Commissioner says it is aiming to “share its findings and proposed regulatory approach” by the end of the year.
Vietnam’s ruling Communist Party has decreed that technology firms will be required to store all user data locally, and to establish local data storage offices, within 12 months. This applies to data “ranging from financial records and biometric data to information on people’s ethnicity and political views,” the decree explained. Government authorities will have the right to request user data for investigative purposes. The decree comes from a government that “maintains tight media censorship and tolerates little dissent,” according to Reuters.
The BIPA Beat:
Snap has filed a request for a stay of proceedings in its BIPA lawsuit. Thirty-one plaintiffs are suing the company under Illinois’s biometric privacy law over the collection of their face biometrics when using the Snapchat social media platform. But there is a disagreement over whether they are correct to make damages claims “per scan”, with Snap arguing that plaintiffs can make a claim concerning only the initial biometric scan. Snap says the case shouldn’t proceed until the Illinois Supreme Court resolves the question in a separate BIPA case, a ruling that is expected in the near future.
McAlister’s Deli in Orland Park, Illinois, has settled a Biometric Information Privacy Act lawsuit for $90,000. Employees alleged that the restaurant franchise did not obtain their express written consent for fingerprint scans used to clock in and out. There have been some eyebrow-raising BIPA cases against high-profile companies like Google and Estée Lauder; McAlister’s Deli is one of the many lower-profile companies to be caught in the BIPA dragnet.
August 19, 2022 – by Alex Perala