Home / Business / victory! Illinois Supreme Court protects biometric privacy

victory! Illinois Supreme Court protects biometric privacy

Today, the Illinois Supreme Court unanimously ruled that companies collecting biometric data, such as fingerprints or facial impressions, without obtaining informed consent, can be sued. Users do not need to prove injury such as identity fraud or personal injury – the loss of biometric privacy is just an infringement.

Rosenbach v. Six Flags brought the 14-year-old a challenge against an amusement park for collecting his fingerprint without his consent in violation of the law of Illinois. The bill in question, the Illinois Biometric Information Privacy Act ( BIPA ), prohibits companies from obtaining, using, or disclosing biometric information without consent. Together with ACLU, CDT, the Chicago Alliance Against Sexual Exploitation, PIRG and Lucy Parsons Labs EFF submitted a amicus curiae which called on the Illinois Supreme Court to adopt a robust interpretation of BIPA.

The Illinois Supreme Court agreed with us, rejecting the defendants' argument that BIPA must hurt a person beyond the loss of legal personality rights. The court dismissed the company's claim that the violation of a data protection law was a mere "technical violation of the law". In fact, the court has inflicted serious damage, supporting a lawsuit.

The court recognized this through BIPA Legislators had codified the "individual right to privacy and control over their biometric identifiers and biometric information". The need to codify this right has been supported by the legislature's knowledge that biometric data can be used to access sensitive information, unlike other identifiers such as social security numbers, biometrics are unique to each individual and can not be changed. As a result, the court ruled, citing the legislature: "Once the person is compromised, they no longer have recourse, are at increased risk of identity theft, and are likely to withdraw from biometrically facilitated transactions."

Court finds that a person was "attacked" by the BIPA "solely by the mere violation of the act":

If a private entity does not comply with the legal procedures, as the defendant allegedly took action here, "The person's right to uphold biometric privacy [their] disappears in the air, and the exact damage the Illinois legislator sought to prevent is then recognized." This is not a mere "technique." The injury is real and significant. (emphasis added.)

Illinois BIPA is the most stringent law protecting biometric data in the United States. As biometric data collection, use and sharing grow wider and more invasive from year to year, it becomes even more important for individuals to be able to sue laws like BIPA to protect their privacy. More companies than ever before capture and monetize our biometric information. Retailers use face recognition to overcome buyers' behavior while moving in the store, and to identify potential shoplifting . Employers use fingerprints, iris scans, and face recognition to manage employee access on the company's phones and computers. People have filed BIPA lawsuits against major technology companies such as Facebook Google and Snapchat . They claim that companies subjected their uploaded photos to facial recognition without their consent. 1

9659002] EFF and other privacy groups for years have opposed large enterprises resistance to evade BIPA. Laws such as BIPA that allow individuals to sue are necessary for several reasons. First, biometric surveillance is a growing threat to our privacy. Our biometric information can be obtained remotely and without our knowledge, and we often do not have the opportunity to effectively protect ourselves from this grave invasion of privacy. Second, BIPA follows in the footsteps of a number of other privacy laws that prohibit the collection of private data without the consent of the consent form and define the collection as a violation without notice and consent. Third, the admission of private claims is a necessary means to ensure effective enforcement of data protection laws.

The case Rosenbach has important implications for another case raised in the BIPA case against the use of Facebook's facial biometric monitoring without users' consent. This case In relation to Facebook Biometrical Information Privacy Litigation (also Patel v. Facebook ) is currently appealed to the US Court of Appeals in California. Like the defendants in Rosenbach Facebook has argued that a loss of statutory biometric personal rights is not sufficient to sue a company, but that the plaintiff must additionally do harm. The EFF and our allies in the area of ​​privacy have also filed a amicus curiae round in this case. [194559002] The Facebook Facebook Court dismissed this argument last year, as did the Supreme Court of Illinois today. 19659002] We hope that the judgment Rosenbach stops this argument once and for all. The Illinois Supreme Court cited the California case and cited it in detail. Now it is up to the ninth circuit to continue this case.

Source link