Neither the federal government nor most US states confidently address how companies can use facial recognition images and other biometric data they collect through social networking sites, cameras in public places or by following the activities of Internet users. Illinois, fortunately, has what is widely considered to be the strongest and most effective tech privacy law in the country – a law that has forced Facebook and other giant corporations to make changes to their practices that have had a positive impact even outside the borders of Illinois. On this issue, federal lawmakers could learn something from Lincoln Country.
When the Illinois Biometric Information Privacy Act was passed in 2008, the technology it sought to harness was still nascent or, in some cases, theoretical. “Biometric” essentially refers to data gathered from a person’s physical characteristics (fingerprints, facial imaging, retina scans) or behavioral patterns (shopping habits, social media interactions).
Debate over its use in high-tech applications has often centered on how government and law enforcement might use and potentially misuse it. This remains a valid debate. But Illinois law focuses specifically on private businesses, prohibiting them from taking anything from customers without permission: their unique physical and behavioral characteristics.
People also read…
Such technology can be useful when deployed in a limited way with consumer permission – the facial recognition program that can open your cellphone for you, for example.
But when this data is collected en masse, often without the knowledge of consumers, and sold between companies, it ceases to be a convenience and becomes, at best, an annoyance – as with micro-targeted habit-based ad barrages. consumer browsing on the Internet. . More sinister issues include the potential for loosely deployed biometric data to impact credit, employment, or housing decisions, giving companies far more candidate data than they would otherwise have. right.
Illinois law requires entities to obtain a person’s written consent before collecting or storing that person’s biometric data and gives consumers the power to sue for damages if companies violate this law.
The law ushered in last year’s record $650 million settlement from Facebook for about 1.5 million Illinoisans who sued the company’s facial recognition feature, which stored user data to identify them in photos across the platform. Facebook announcement in November, it shut down the feature after weighing “the positive use cases of facial recognition against growing societal concerns.” The shutdown resulted in the deletion of facial recognition data from over a billion users.
This is just one example of how Illinois law helps protect citizen privacy, even outside its borders, in the absence of a national standard. Such a standard, enshrined in federal law, would be a preferable approach. If and when Congress mobilizes enough to fix the problem, Illinois has provided a plan.