TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

United States Privacy Digest | Notes from the IAPP Publications Editor, Jan. 19, 2018 Related reading: EU parliamentary elections: The process and potential digital policy impacts

rss_feed

Greetings from Portsmouth, NH!

The social media flavor of the week, at least here in the U.S., involved facial recognition and high art. Yes, if you're on Facebook, you likely tried out or saw your friends and long-lost cousin share a selfie and a corresponding portrait from a famous work of art. Google's Arts & Culture app became the number one free app in the Apple and Google Play app stores last weekend, and judging by all the matches I saw in my own Newsfeed, a lot of my connections tried it out, with varying results. 

That is, unless they lived in Illinois or Texas.

According to multiple reports, including this one by NPR, residents of those two states were not able to use the app. The alleged reason? The states' respective biometric privacy laws. Northwestern University prof. Matthew Kluger notes that to collect biometric data in those two states, organizations must disclose to users what they will do with the data and abide by certain restrictions sharing the information. But, as NPR's Mary Louise Kelly points out, the Arts & Culture app does provide a disclaimer on the app and includes a consent box to proceed. So, shouldn't that comply with Illinois' prescriptive biometric law?

Kluger suspects "Google is showing an abundance of caution here," most likely because of all the class-action cases currently underway in the state. He added: "And they may be concerned that someone might upload someone else's picture and therefore they don't have the consent of the person whose image is being captured." As of the time of writing this letter, Google has not publicly provided its official reasoning for the restrictions in Illinois and Texas and declined comment to the Chicago Tribune. So, fair enough: They look like they're being cautious. Can't blame them for that. 

We recently saw something similar when Facebook rolled out a suicide-prevention service that excludes users in the EU out of caution for the region's robust privacy laws. 

Others, however, argue something else might be afoot. Georgetown's Alvaro Bedoya pointed out in a Twitter thread that, sure, maybe the company is being cautious in Illinois because of the potential for a private right of action. But why Texas, where there is no private right of action? Bedoya posits that this might be a case of industry putting pressure on regions that have what it considers to be unreasonable privacy law. Are companies actually leveraging their users in regions with restrictive privacy regulations in an attempt to lighten privacy law? 

It seems like this segmenting of digital services by privacy regime will become a broader trend, regardless. As an outsider, I'd have to guess this would be an operational nightmare for companies. But, at the very least, it's food for thought - high art or no art. 

Jedidiah Bracy
Publications Editor
IAPP

Comments

If you want to comment on this post, you need to login.