Biometric technology has long been used for security and law enforcement purposes such as national security watch lists, passport controls, criminal fingerprint databases, and immigration processing. Now, however, the private sector increasingly uses these systems as a verification method for authentication that previously required a PIN or password. Apple’s decision to include a fingerprint scanner in the iPhone in 2013 brought new public awareness to possible non-law-enforcement applications of biometric technologies, and the company’s shift to facial recognition access in the most recent models further normalized the concept. Biometric technology continues to be adopted in many sectors, including financial services, transportation, health care, computer systems and facility access, and voting. In many cases, this technology is more efficient, less expensive, and easier to use than traditional alternatives, while also eliminating the need for passwords, which are broadly recognized as an insufficiently secure safeguard for user data. However, as with any digital system, there are privacy concerns around the collection, use, storage, sharing, and analysis of the data that are generated by these systems.
Featured
Old Laws & New Tech: As Courts Wrestle with Tough Questions under US Biometric Laws, Immersive Tech Raises New Challenges
Extended reality (XR) technologies often rely on users’ body-based data, particularly information about their eyes, hands, and body position, to create realistic, interactive experiences. However, data derived from individuals’ bodies can pose serious privacy and data protection risks for people. It can also create substantial liability risks for organizations, given the growing volume of lawsuits […]
When is a Biometric No Longer a Biometric?
In October 2021, the White House Office of Science and Technology (OSTP) published a Request for Information (RFI) regarding uses, harms, and recommendations for biometric technologies. Over 130 entities responded to the RFI, including advocacy organizations, scientists, experts in healthcare, lawyers, and technology companies. While most commenters agreed on core concepts of biometric technologies used […]
A New U.S. Model for Privacy? Comparing the Washington Privacy Act to GDPR, CCPA, and More
By Stacey Gray, Pollyanna Sanderson, and Katelyn Ringrose Download a printable version of this report (pdf). As Congress continues to work toward drafting and passing a comprehensive national privacy law, state legislators are not slowing down. In Washington State, a new comprehensive privacy law is moving quickly: last week, the Washington Privacy Act (SSB 6281) […]
CCPA Amendment Update June 2019 – Twelve Bills Survive Assembly and Move to the Senate
By Michelle Bae and Jeremy Greenberg Privacy professionals seeking clarity on compliance with the California Consumer Privacy Act (CCPA) are monitoring numerous amendment bills introduced in the California State Assembly and the California State Senate. Twelve bills garnered the votes needed to pass the Assembly and moved to the Senate for further revision and voting. […]
FPF Comments on the Washington Privacy Act, SB 5376
Today, the Future of Privacy Forum submitted comments to the Washington State Senate Ways & Means Committee on the proposed Washington Privacy Act, Senate Bill 5376. FPF takes a “neutral” position regarding the Bill, and makes a few important points. FPF commends the Bill’s sponsors for addressing a broad set of individual data protection rights. […]
Calls for Regulation on Facial Recognition Technology
We look forward to working with Microsoft, others in industry, and policymakers to “create policies, processes, and tools” to make responsible use of Facial Recognition technology a reality.