The contours of what biometric data can be collected, how and when may wind up being defined in part by the legal system, in cases that come state by state, suit by suit.
Various cases making their way through the court system in the United States illuminate the key debates around biometrics.
This month in Illinois, a state federal judge ruled that more than 44,000 truck drivers can proceed with a suit — in class action status — that alleges that BNSF Railway Company violated Illinois state law governing biometric data collection.
Specifically, the suit contends that the firm violated the Illinois Biometric Information Privacy Act due to the collection and the storage of the truckers’ fingerprints — doing so, as the plaintiffs allege, without informed consent.
In the background of the case, BNSF operates several intermodal facilities in Illinois that use an Auto-Gate System (AGS) to control truck drivers’ access and their ability to enter and exit the facilities. If drivers are not registered to AGS, they are directed to be registered through scanning fingerprints.
But the processes do not include drivers’ submitting written consent or explicit terms as to how long the data can be stored. On subsequent visits, the driver scans their fingerprints to gain entry to the facility. BNSF had countered that the third-party firm Remprex was and is the sole operator/owner of the biometric system (and thus should have been the party sued); the plaintiff(s) allege that BNSF is the ultimate owner of the system.
The key issues of transparency, of consent — and what might happen if that consent is not explicitly given — are part and parcel of this case.
In February, Texas Attorney General Ken Paxton filed a lawsuit against Facebook parent company Meta Platforms, saying the company’s now-discontinued use of facial recognition technology violated state privacy laws regarding personal biometric data. The AG is suing Meta for hundreds of billions of dollars.
“Facebook has been secretly harvesting Texans’ most personal information — photos and videos — for its own corporate profit,” said Paxton at the time. “Texas law has prohibited such harvesting without informed consent for over 20 years.”
These are but two examples of the issues that must be wrangled on the legal stage. But there is a growing consumer awareness and willingness to embrace biometrics. As noted in PYMNTS research, more than one-third of consumers are willing to use biometric methods for authentication purposes.
Almost half of the consumers PYMNTS surveyed said they’re willing to use fingerprint scans in private and public settings, per last month’s edition of the Future of Authentication in Financial Services, a PYMNTS and Entersekt collaboration. Of the consumers comfortable with these methods, 36% use fingerprint scans, 28% use facial scans and 18% use voice scans at least monthly.