Snapchat’s parent company is defending against a class-action lawsuit in the U.S. District Court for the Northern District of Illinois brought by two platform users identified as Adrian Coss and Maribel Ocampo. 

The lawsuit alleges that the platform violates the Illinois Biometrics Information Privacy Act by failing to provide users with the required disclosures under the act while collecting, storing and sharing users’ unique facial features and voices. 

The Illinois Biometric Information Privacy Act enacted in 2008 was an important first step in developing policy on biometrics. According to the law, a private entity possessing biometric information accessible to the public must have a retention schedule and policy for permanently destroying biometric information. Additionally, there are restrictions on how a private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information. Most importantly, this law requires obtaining written consent prior to collecting biometric information as the law provides a private right of action for anyone injured under the Act. 

Lanton Law’s technology practice, which includes biometrics and privacy issues, has been monitoring the Illinois Biometric Information Privacy Act for some time. We have posted several blogs addressing this issue as companies continue to evolve biometrics into their business models. 

Lanton Law is a national healthcare and life science boutique law and government affairs firm that closely monitors legislative, regulatory and legal developments for our clients. Our healthcare practice can help stakeholders understand what’s at issue so that we can help our valued clients reach their goals. Contact us to learn about how either our legal or lobbying services can help you attain your priorities.   

Lanton Law’s publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without prior written consent of us. To request reprint permission for any of our publications, please use our “Let’s Chat” form, which can be found on our website at www.lantonlaw.com. The mailing of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship.

On February 26, 2021 in the United States District Court Northern District of California, the Court found that Facebook was ordered to pay $650 million. This issue derived from the underlying lawsuit alleging whether the collection of an individual's biometric data in violation of the Illinois Biometric Information Privacy Act is sufficient to establish Article III standing. As a result of this dispute, the company’s automatic facial recognition tagging features are now an opt-in feature instead of being an opt-out choice. 

The Illinois Biometric Information Privacy Act enacted in 2008 was an important first step in developing policy on biometrics. According to the law, a private entity possessing biometric information accessible to the public must have a retention schedule and policy for permanently destroying biometric information. Additionally, there are restrictions on how a private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information. Most importantly, this law requires obtaining written consent prior to collecting biometric information as the law provides a private right of action for anyone injured under the Act. 

Lanton Law’s technology practice which includes biometrics and privacy issues, has been monitoring the Illinois Biometric Information Privacy Act for some time. We have posted several blogs addressing this issue as companies continue to evolve biometrics into the business models. As 2021 unfolds we confidently believe that legislative and regulatory oversight will increase leading to more litigation that fine tunes points left unanswered about this emerging field. 

We at Lanton Law can help. Our legal and policy tools can help offer your organization a clear path forward to navigate what will be changing policies for technology stakeholders. Contact us today to discuss your options.   

The New York State legislature has introduced Assembly Bill 27, which seeks to make New York the fourth state to enact a biometric privacy law. If successful it will be the second state that will allow consumers a private right of action to see companies for improper data handling. 

New York is definitely taking its cue from Illinois, as that state became the first to require businesses to collect biometric data to provide notice and obtain the owner’s written consent prior to using this information. We have written about the Illinois Information Privacy Act or (BIPA) in a previous post. 

The New York proposal seeks to do the following: 

Establishes the biometric privacy act; requires private entities in possession of biometric identifiers or biometric information to develop a written policy establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within three years of the individual's last interaction with the private entity, whichever occurs first. 

New York has enacted facial recognition laws in the past. In December 2020 Governor Cuomo released a press statement where he signed A6787-D/S5140-B into law that suspended “the use of facial recognition technology and other kinds of biometric technology in schools, directing a study of whether its use is appropriate in schools and issuing recommendations. The legislation places a moratorium on schools purchasing and using biometric identifying technology until at least July 1, 2022 or until the report is completed and the State Education Commissioner authorizes its use, whichever occurs later. It applies to both public and private schools in New York State.” 

Proposed Assembly Bill 27 shows that New York will continue to press forward in this area and will likely inspire other states. If you are a biometric, Health IT/digital health or technology stakeholder, your interests will be impacted.    

Lanton Law is a national boutique law and lobbying firm that focuses on healthcare/life sciences and technology. Contact us today to learn about your organization’s options to prepare for additional regulatory oversight.