Regulating biometric data: Controlling the lawless data economy

IMAGE CREDIT:
Image credit
iStock

Regulating biometric data: Controlling the lawless data economy

Regulating biometric data: Controlling the lawless data economy

Subheading text
Governments are pressured to implement biometric data privacy laws that aim to protect their respective citizens from exploitation.
    • Author:
    • Author name
      Quantumrun Foresight
    • November 24, 2022

    Insight summary

    Among the different types of biometric data, faceprints or facial recognition information are receiving the most regulatory scrutiny. The increasing use of facial recognition software in public surveillance and law enforcement might violate data privacy laws. As a result, governments and organizations are developing standards to monitor and limit the use of biometric information.

    Regulating biometric data context

    Biometric technology data is produced frequently in corporate and personal situations, as authentication methods, such as fingerprint scanning and facial and voice recognition, are becoming standard on devices. In addition, many businesses use technology with biometric capabilities to identify employees and vendors and conduct consumer transactions. Retailers increasingly utilize virtual try-ons of items such as eyeglasses or cosmetics that rely on facial information. Moreover, biometrics are employed frequently on social media sites for lenses, filters, and sign-on verification. 

    Organizations dealing with biometric information must know this space’s current and future laws. Data standards are slowly being incorporated into information governance and security projects, litigation readiness plans, and compliance efforts. In the US, Illinois state was the first to directly regulate biometric data through the 2008 Biometric Information Privacy Act (BIPA).

    The purpose of BIPA is to control how businesses collect, use, store, handle, retain, and destroy biometric data. More importantly, firms must obtain informed consent from their customers before gathering personal information. This landmark law has encouraged other states to follow suit.

    Disruptive impact

    The evolving landscape of biometric data regulation, as exemplified by the 2023 enhanced California Privacy Rights Act and similar laws in states like Texas and Washington, highlights a trend towards stronger privacy protections. As consumers become increasingly aware of their rights, businesses may need to invest more in compliance measures and data security, potentially leading to higher operational costs. These laws also encourage innovation in privacy-enhancing technologies, as companies seek to balance efficient data use with regulatory compliance.

    On the international front, the debate over the 2019 Services Bill and Australian Passports Amendment in Australia illustrates the global complexity of biometric data regulation. Countries grappling with the dual imperatives of enhancing security and protecting privacy may face legislative challenges. The Australian experience suggests that any comprehensive biometric data legislation will likely require rigorous oversight mechanisms. This could lead to a patchwork of regulations, posing challenges for multinational corporations operating in multiple jurisdictions.

    For governments, the challenge lies in balancing law enforcement and national security needs with individual privacy rights. The Australian case underscores the necessity of clearly defining access parameters and safeguards within biometric data legislation. This trend could lead to more democratic engagement, as public awareness and debate around privacy issues increase. In the long term, we might see a more nuanced approach to biometric data regulation, one that respects individual privacy while addressing national security and law enforcement needs.

    Implications of regulating biometric data

    Wider implications of regulating biometric data may include: 

    • More countries implementing regulations on collecting, storing, and using their respective citizens’ biometric information, including limiting its use in some public services.
    • Civic groups lobbying against their respective governments’ lack of transparency and increasing use of facial recognition scanners in public venues.
    • Many European countries continuing their anti-facial recognition data collection stance by implementing stricter data privacy laws.
    • Increased lawsuits against agencies and companies that violate data privacy laws as more people push back against data tracking.
    • Increased monitoring and crackdowns on illegal biometric data brokers (including big tech) and mismanagement of data storage and distribution.
    • Insurance companies adjusting their policies to address the risks associated with biometric data breaches, leading to new types of coverage and premiums.
    • Retail and marketing sectors shifting to less invasive customer tracking methods due to increased biometric data regulation, leading to new strategies for personalized advertising.
    • Educational institutions incorporating biometric data privacy into their curricula, fostering a generation more aware of digital rights and data protection.

    Questions to consider

    • How else can government adequately regulate biometric data collection and usage?
    • What are some of the ways that you share your biometric information?

    Insight references

    The following popular and institutional links were referenced for this insight: