On Friday, the Illinois Supreme Court ruled that in order to pursue a claim for $1,000 – $5,000 in statutory damages under the Biometric Information Privacy Act (BIPA) an individual need not plead or prove more than a technical violation of the statute. This decision opens the door to additional lawsuits under the only biometric law in the nation that allows for a private right of action.
Technology that determines an individual’s identity or location has been the subject of significant media attention in the first half of 2018: Amazon made news with the sale of its facial recognition technology to law enforcement, the U.S. Supreme Court ruled that the government generally must obtain a warrant to access certain types of geolocation information, California arrested the Golden State Killer using the DNA information of a relative, and Facebook came under fire for the way in which Cambridge Analytica accessed the data of tens of millions of users. Garnering less attention, but of no less importance, are the legislative efforts underway in the federal government and in many states to regulate these emerging technologies and limit the ways in which this information can be collected.
One of the most frequent predictions for significant growth in 2018 is the development of the connected car ecosystem. During the second half of 2017, there were workshops, proposed legislation and other guidance from the Department of Transportation and the National Highway Traffic Safety Administration (NHTSA).
In June 2017, the FTC and the NHTSA hosted a workshop in Washington, D.C. to discuss the enormous amounts of data collected and used in the connected car ecosystem. The workshop included representatives from consumer groups, industry, government and academia, and explored the benefits and challenges in this fast-growing market. After reviewing the materials submitted in connection with the workshop, the FTC released its Key Takeaways earlier this month.
In addition, the U.S. House of Representatives passed H.R. 3388, the SELF DRIVE (Safely Ensuring Lives Future Development and Research in Vehicle Evolution) Act to encourage testing, development and deployment of highly automated vehicles. Finally, the U.S. Department of Transportation and the NHTSA released new federal guidance for automated vehicles titled Automated Driving Systems 2.0: A Vision for Safety.
The Georgetown Law Center for Privacy & Technology released a report that takes a harsh look at the Department of Homeland Security (DHS)’s “Biometric Exit” program. The “Not Ready for Takeoff: Face Scans at Airport Departure Gates” report highlights the myriad number of privacy and fairness issues associated with the use of biometric data for screening and other purposes. The Biometric Air Exit program uses biometric data to verify travelers’ identities as they leave the U.S. and has been deployed at Boston’s Logan International Airport and eight other airports. The program is operated by DHS and uses photographs of passengers taken at the gate while boarding to verify travelers’ identities as they leave the country. Prior to departure of an outbound international flight, DHS prepopulates the Traveler Verification Service (TVS) with biometric templates from the travelers expected on the flight. TVS either confirms the travelers face or rejects the face as a “non-match.” Non-matched travelers credentials will then be checked manually.