The grey area of biometric data
No. 73: Bringing you the news that matters in video privacy and security
Biometric data privacy is ushering in a new era of legal and ethical challenges, due to the increased collection and use of biometric data (e.g. fingerprints, facial recognition, and genetic information). Is there enough protection around biometric data? How can companies be proactive rather than reactive to biometric data privacy concerns?
The Illinois Supreme Court determined that healthcare workers do not fall under the protection of the Biometric Information Privacy Act (BIPA) when using biometric data, under specific circumstances - such as fingerprint scans for workplace functions like accessing drug cabinets. This nuanced application of biometric data laws points to potential gaps in legal protection for certain groups, particularly in employment settings.
The data breach at genetic testing company 23andMe paints a different but equally concerning picture. Nearly 7 million people's DNA ancestry information was compromised, highlighting vulnerabilities in the storage and protection of genetic biometric data.
While BIPA's provisions offer a degree of protection, its limitations can exacerbate vulnerabilities and leave certain groups unprotected. Moving forward, it's imperative to reconcile these legal disparities and address the gaps to ensure a cohesive, secure, and privacy-centric approach to biometric data.
As always, please send any feedback or topics of interest you would like to be covered.
Seena, Editor
News
Bipartisan bill introduced to end involuntary facial recognition at airports
Senators John Kennedy and Jeff Merkley introduced the Travelers’ Privacy Protection Act aimed at ending the Transportation Security Administration's (TSA) use of involuntary facial recognition screening at airports. The bill seeks to repeal TSA's authorisation for this technology and mandate the disposal of collected facial biometric data.
The Hill: Senators introduce bipartisan legislation ending involuntary facial recognition screening
Forbes: Here’s Why Senators Want To Ban The TSA’s Facial Recognition Screening At Airports
Illinois Supreme Court rules healthcare workers are exempt from biometric privacy law
The Illinois Supreme Court unanimously ruled that healthcare workers are not protected under the Biometric Information Privacy Act (BIPA) in specific circumstances - such as when required by employers to use fingerprint scans for accessing drug cabinets.
Biometric Update: HIPPA trumps biometric privacy law in drug cabinet lawsuit
Meta to add encryption for Messenger, stirring privacy and security debate
Meta plans to make Messenger a fully encrypted service, aligning it with other messaging apps like WhatsApp and Apple’s iMessage. Intended to enhance user privacy by preventing third parties from accessing message content, it has reignited debates between privacy advocates and law enforcement, with concerns about its impact on tracking criminal activities like child exploitation.
The New York Times: Meta Plans to Add Encryption to Messenger, Stoking a Privacy Debate
Massive security breach at 23andMe affects millions
23andMe experienced a security breach, exposing a significant number of files containing ancestry profiles, affecting nearly 7 million users. Hackers accessed information such as names, relationship labels, birth years, and locations, and later sold this data online.
Tech Crunch: 23andMe confirms hackers stole ancestry data on 6.9 million users
The Guardian: Genetic testing firm 23andMe admits hackers accessed DNA data of 7m users
Heightened surveillance concerns at COP28 climate summit in Dubai
The COP28 climate summit in Dubai is under scrutiny for its widespread surveillance, including those linked to Emirati company Presight with past spying allegations. The comprehensive surveillance network raises privacy concerns among attendees, activists, and participants, as it potentially enables authorities to monitor activities throughout the event.
ABC News: At UN climate talks, cameras are everywhere. Many belong to Emirati company with a murky history
Euronews: COP28: Activists fear surveillance and arrests at Dubai climate summit
AI Snippet of the Week
Old Navy faces lawsuit over AI chatbox "wiretapping"
Old Navy is currently facing a lawsuit alleging that its chatbot engages in illegal wiretapping by recording and storing online chat conversations with customers. The lawsuit, filed in the Central District of California, claims that the chatbot deceives users into believing they are interacting with a human representative and shares consumer data with third parties without proper consent or notification.
Retail Wire: Gap’s Old Navy AI Chatbots Accused of Illegal Wiretapping
Policy Updates
California sets to lead AI regulation with comprehensive ADMT framework
The California Privacy Protection Agency (CPPA) has introduced draft regulations on Automated Decision-Making Technologies (ADMT) under the Consumer Privacy Protection Act. These regulations encompass a broad range of ADMT, including AI, machine learning, and profiling, and emphasise transparency, consumer notice, and opt-out processes.
Bloomberg: California’s Draft AI Privacy Rules Show Ambitious Approach
To subscribe to our fortnightly newsletter, please click here
Thanks for reading, if you have any suggestions for topics or content that you want to see covered in future please drop a note to: info@secureredact.co.uk