It has been a busy four years for U.S. biometric privacy legislation. In that time, at least 27 state legislatures have attempted to give residents control over their most critical personal information.
Few campaigns have been rewarded with signed laws, but privacy advocates show few signs of capitulating or even softening their stances. So far this year, nine states are considering biometric privacy acts, according to trade publication Bloomberg Law.
Every one of them contains the same provision feared by businessowners – a private right of action, which enables private individuals to sue companies they feel have harmed them through non-compliance.
That is a key component of the most widely known related U.S. state law, Illinois’ Biometric Information Privacy Act. BIPA has proven efficient in separating defendants from hundreds of millions of dollars and, presumably, interrupting ill-considered biometrics deployments.
The 27 or so pieces of historical biometrics legislation are all modeled after BIPA, according to research by law firm Foley & Lardner.
To date, only the states of Illinois, Arkansas, Texas and Washington have actually passed biometric privacy laws. As of June 2021, according to Foley & Lardner, only five states had no existing or pending biometric laws.
The rest of the states and the District of Columbia continue to rely on privacy laws not written with BIPA in mind.
While privacy advocates have not been glaringly successful in converting their goals into laws, businesses often sound more conciliatory than they do.
The PR campaigns supporting or deriding BIPA-modeled legislation in the state of Maryland is instructive.
EPIC, the Electronic Privacy Information Center, favors Senate bill 169. In a statement on the advocacy group’s site leaders say they are working to “ensure the (proposed) law has a strong private right of action.”
Pitching for the other side in Maryland, the Computer & Communications Industry Association says it “strongly supports” data protection and acknowledges that “Maryland residents are rightfully concerned” about how their biometric data is safeguarded.
The association’s concerns seem technical. The proposed law does not give businesses time to comply.
Here are links to some of the 2023 proposed laws so far:
Mississippi (has since died in committee)
Arizona It has been a busy four years for U.S. biometric privacy legislation. In that time, at least 27 state legislatures have attempted to give residents control over their most critical personal information.
Few campaigns have been rewarded with signed laws, but privacy advocates show few signs of capitulating or even softening their stances. So far this year, nine states are considering biometric privacy acts, according to trade publication Bloomberg Law.
Every one of them contains the same provision feared by businessowners – a private right of action, which enables private individuals to sue companies they feel have harmed them through non-compliance.
That is a key component of the most widely known related U.S. state law, Illinois’ Biometric Information Privacy Act. BIPA has proven efficient in separating defendants from hundreds of millions of dollars and, presumably, interrupting ill-considered biometrics deployments.
The 27 or so pieces of historical biometrics legislation are all modeled after BIPA, according to research by law firm Foley & Lardner.
To date, only the states of Illinois, Arkansas, Texas and Washington have actually passed biometric privacy laws. As of June 2021, according to Foley & Lardner, only five states had no existing or pending biometric laws.
The rest of the states and the District of Columbia continue to rely on privacy laws not written with BIPA in mind.
While privacy advocates have not been glaringly successful in converting their goals into laws, businesses often sound more conciliatory than they do.
The PR campaigns supporting or deriding BIPA-modeled legislation in the state of Maryland is instructive.
EPIC, the Electronic Privacy Information Center, favors Senate bill 169. In a statement on the advocacy group’s site leaders say they are working to “ensure the (proposed) law has a strong private right of action.”
Pitching for the other side in Maryland, the Computer & Communications Industry Association says it “strongly supports” data protection and acknowledges that “Maryland residents are rightfully concerned” about how their biometric data is safeguarded.
The association’s concerns seem technical. The proposed law does not give businesses time to comply.
Here are links to some of the 2023 proposed laws so far:
New York
Massachusetts
Indiana
Iowa
Oregon
Maryland
Mississippi (has since died in committee)
Arizona Read More
