A proposed agreement with the U.S. for sharing personal data for border and immigration control "must be accompanied by comprehensive and effective safeguards," the European Data Protection Supervisor said in an opinion Thursday.
Biometric Privacy
Biometric privacy laws regulate how companies handle sensitive personal identifiers like facial scans, fingerprints and voiceprints. In the U.S., Illinois’ BIPA has led to landmark litigation and multimillion-dollar settlements, setting a precedent for consent, data retention and security standards. Other states and countries are following suit with their own biometric requirements. This page covers key lawsuits, regulatory action and compliance best practices in the biometrics space.
Kmart Australia violated customers' privacy by indiscriminately collecting their personal and sensitive data with facial recognition technology (FRT) in an operation designed to tackle refund fraud, Privacy Commissioner Carly Kind announced Thursday.
The growing use of voice recognition technologies in the public and private sectors is prompting data protection and regulatory concerns, an advisory body, the U.K. Biometrics & Forensics Ethics Group (BFEG), and a privacy consultant said.
Businesses defending themselves against charges under the California Invasion of Privacy Act (CIPA) sometimes find that exclusions and limitations in their insurance policies for cyber or commercial general liability (CGL) leave them exposed, attorney Kathryn Rattigan said in a blog post Thursday. For CIPA claims, her key takeaway is "don’t assume your insurance will cover [a] privacy lawsuit," the Robinson+Cole lawyer added.
Age-estimation technology and its role in reducing regulatory burden is gaining attention in industry and data privacy circles, an official with BBB National Programs said Friday.
Draft regulations to implement the New Jersey Data Protection Act (NJDPA) may exceed the statute, said advertising, tech industry and news media groups in comments to the New Jersey attorney general’s office’s Division of Consumer Affairs. They suggested that New Jersey try to align more closely with other states that have comprehensive privacy laws.
A federal judge dismissed several claims against Chinese technology company ByteDance, including that it violated the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA) and the California Invasion of Privacy Act (CIPA). But in the Friday ruling, U.S. District Court for Northern Illinois Judge Georgia Alexakis allowed a claim ByteDance violated the Biometric Information Privacy Act (BIPA), as well as the restitution and unjust enrichment claim against the company, to continue in the privacy case.
California legislators refined a proposed update to the California Delete Act on Tuesday. Now on third reading and awaiting a floor vote in the Assembly, SB-361 by Sen. Josh Becker (D) would require data brokers to disclose more types of personal information in their state registrations than they do now.
A Michigan-based health system with more than 70 providers suffered a data breach last year that exposed personal information of almost 140,000 individuals, a law firm said Monday. Two states also recently reported the breach of Aspire Rural Health System. The company may have violated state and federal laws by disclosing the breach well after it occurred.
While recent court decisions have added to a circuit split on the Video Privacy Protection Act (VPPA) of 1988 (see 2508190026), some have also introduced notable interpretations of how the statute should apply, privacy lawyers said in interviews with Privacy Daily.