This article, Just How Scared of FaceApp Should You Be?, appeared in the publication Legaltech News, where BIA’s Brian Schrader discusses the features and risks of biometric recognition systems for portable devices.
Smartphones, tablets, and other devices now come with biometric recognition technology as a standard feature. With such speedy and detailed I.D. verification technology, users are encouraged to use fingerprints or facial identification to log in to certain secure apps or unlock their entire device. Some photo-oriented apps, like FaceApp, revolve entirely around scanning a user’s facial features. Workplaces often use employee fingerprints for mandatory security login systems, such as clocking in and out for shifts, or for access to protected floors. Certainly, it’s convenient when there’s no password for the user to remember (or forget), but what if a user’s biometric data – which, unlike a password, cannot be changed or reset so easily – were captured by someone with bad intentions?
There has already been litigation and, correspondingly, new privacy laws around this data. For example, the FBI and ICE use AI-based technology to analyze faces in driver’s license photos without the subjects’ consent. Or there are the class-action suits filed against an amusement park in Illinois that kept riders’ fingerprints on file without the customers’ knowledge, through the park’s FastPass system. Illinois enacted the Biometric Information Privacy Act (BIPA) in 2008 to start wrangling with such biometric data, and other states are creating their own privacy regulations. Still, though the amount of this sensitive and unchangeable data is only increasing, not every state legislature has caught up. The European Union has GDPR, but in the U.S. at the moment, it’s still the “Wild West” of data privacy laws.
On the one hand, biometric data is still somewhat secure compared to simple passwords or codes – to gain access, you need the party’s finger, face, or retina at hand. On the other, we don’t yet have consistent biometric data privacy laws or regulations, and we don’t know what possible consequences there could be for further developments in biometric technology down the line. We should be mindful of this sensitive data and balance its usage and potential for innovation with appropriate privacy and protection.
Understand your biometric data privacy compliance.
What kind of face and fingerprint data does your company hold onto? Do you know the ins and outs of the patchwork of privacy regulations enacted within the USA (and around the world)? Compliance shouldn’t be taken lightly. You need experts who understand the current and future legal scope of the technology – as well as the way the data is stored.
Consult with BIA’s data privacy compliance experts today. As eDiscovery experts, we are all about understanding how to parse, filter, connect, and store massive amounts of data and keeping up with all possible legal implications. Biometric recognition is yet another aspect we consider. When it comes to your company’s data practices, we can guide you through the GDPR, CCPA, BIPA, and other regulations – or help you get the jump on data privacy if your region hasn’t yet caught up.
Consider the dangers of biometric technology.
Read more about how biometric data is used in recent litigation.