Greetings from Portsmouth, New Hampshire!
Welcome to 2022! I'm rested and rejuvenated for what is projected to be a very busy year on the privacy front and I hope all of you are equally prepared for the road ahead.
With what lies on the horizon, I bring your attention to the discussion around the deployment and regulation of biometric technologies in the U.S. The conversation around these technologies and how to keep them in check has grown louder in recent years, and I'd expect talks to gain further traction in the coming year.
The chatter around biometrics is led by the evolution and growing prevalence of facial recognition across the U.S. Wired recently published a thought-provoking report on the peaks and valleys with facial recognition, noting approximately two dozen U.S. cities and states have facial recognition bans in place while we're still seeing rampant and growing use of the technology in our everyday lives, ranging from obvious deployments in places like airports to unorthodox uses like identification verification for obtaining unemployment benefits. While the bans popping up show concern and serve a purpose, they only address one aspect of the issue.
So the question remains: How do you effectively regulate facial recognition and other biometrics across the board? The Chicago Sun-Times Editorial Board wrote this week that states should consider passing laws that mirror the Illinois Biometric Information Privacy Act, calling the legislation "a critically important law" for safeguarding individuals' most sensitive data. The concept of a BIPA-style law in each state is certainly an option; however, we continue to see alleged BIPA violations and subsequent class-action suits get dragged out in court. Waiting for redress is a burden for affected consumers, but companies are also being hit with scrupulous and far-reaching complaints that likely wouldn't happen with more specific provisions or exemptions.
Even still, states are attempting to cover biometric privacy with provisions in comprehensive privacy bills. But as has been the case with state privacy legislation debate, the risk of a patchwork developing from varying definitions or provisions around biometric data from state to state is real and not a scenario companies look forward to.
So with current regulatory options staring down dead ends and controversy aplenty, it seems something meaningful will likely have to come from a federal level. U.S. Congress has been mostly concerned with comprehensive privacy legislation, but the White House Office of Science and Technology Policy might be on to something. The WHOSTP held listening sessions in November 2021 on how to best address artificial intelligence-powered biometric technologies and it'll close a request for information on public and private-sector uses of biometric technologies Jan. 15.
It remains to be seen what gets pulled from those fact-gathering initiatives and what the information will ultimately go toward, but fortunately, we have a whole year ahead of us to find out.