Understanding Biometric Laws to Safeguard Data Privacy

Data has been at the forefront of innovation in the modern tech world. Apart from harnessing data for development, what is equally important is that companies prioritize understanding and protecting consumers’ data. But even with the best minds and technologies at use, organizations are prone to occasional lapses due to the complexity of data privacy laws.

Last week, an Illinois-based customer sued McDonald's for collecting their biometric data at its new AI-powered drive-thru windows. The AI-based system used voice-recognition software instead of human servers and also collected the customers' voiceprints in the process.

The lawsuit claims the system violates the state’s Biometric Information Privacy Act (BIPA) as the company did not seek user consent before collecting their voiceprints. Such suits can invite heavy penalties to companies, both in terms of monetary loss as well as reputational damage.

Face and voice recognition systems have now become ubiquitous in our everyday lives, and due to this fact, we often overlook how these smart devices and technologies are gathering data that is unique to an individual.

We have cellphones that use facial recognition and fingerprints, while health monitoring devices constantly keep track of our vitals, sleep, health, and exercise patterns. Our biometric data is frequently collected by businesses and employers for security and authentication purposes. And the ongoing Covid-19 pandemic has driven the need for touchless operations, further increasing the adoption of such technologies.