BIPA: The Most Important Biometric Privacy Law in the US?

Regulating Biometrics: Global Approaches and Urgent Questions, ed. Amba Kak (AI Now 2020), 96-103

8 Pages Posted: 5 Jan 2021

See all articles by Woodrow Hartzog

Woodrow Hartzog

Northeastern University School of Law and Khoury College of Computer Sciences; Center for Law, Innovation and Creativity (CLIC); Stanford Law School Center for Internet and Society

Date Written: October 30, 2020

Abstract

This chapter explores the importance and limits of the Illinois Biometric Information Privacy Act (BIPA). Enacted in 2008, lawmakers designed BIPA to provide “safeguards and procedures relating to the retention, collection, disclosure, and destruction of biometric data.” It was the first state law in the US to specifically regulate biometrics.

BIPA’s substantive rules follow a traditional approach to data protection. Private entities must get informed consent before collecting or disseminating a person’s biometric information. They are prohibited from selling, leasing, trading, or otherwise profiting from a person’s biometric information. Companies must also follow specific retention and destruction guidelines. Finally, the statute binds private entities to a high standard of care in transmitting, storing, and protecting biometric information.

BIPA has a number of virtues. Thanks to BIPA’s private cause of action, it has become the key for holding companies that use biometric systems accountable. But notwithstanding BIPA’s remarkable effectiveness, it is probably not the best model for America’s biometric privacy identity. A private cause of action is necessary, but not sufficient, to respond to the risk of biometrics. BIPA is too rooted in a myopic and atomistic “notice and choice” approach to privacy. It is a guide for lawmakers not just because of what it provides but also because of what it lacks.

Keywords: privacy, data, surveillance, biometrics, data protection, technology, internet

Suggested Citation

Hartzog, Woodrow, BIPA: The Most Important Biometric Privacy Law in the US? (October 30, 2020). Regulating Biometrics: Global Approaches and Urgent Questions, ed. Amba Kak (AI Now 2020), 96-103, Available at SSRN: https://ssrn.com/abstract=3722053

Woodrow Hartzog (Contact Author)

Northeastern University School of Law and Khoury College of Computer Sciences ( email )

416 Huntington Avenue
Boston, MA 02115
United States

HOME PAGE: http://https://www.northeastern.edu/law/faculty/directory/hartzog.html

Center for Law, Innovation and Creativity (CLIC) ( email )

416 Huntington Avenue
Boston, MA 02115
United States

Stanford Law School Center for Internet and Society ( email )

Palo Alto, CA
United States

HOME PAGE: http://cyberlaw.stanford.edu/profile/woodrow-hartzog

Here is the Coronavirus
related research on SSRN

Paper statistics

Downloads
19
Abstract Views
99
PlumX Metrics