Network Security

Cutting edge and comprehensive Network & Data Security Solutions.

Supplying the very best in class hardware solutions

The Latest Generation Servers from Hewlett Packard

When speed and latency really matter

GEN has the options for you

Unified Communications

Brings your computer, tablet and phone closer together

State of the Art Green DataCentres

Using the latest technology and Power Management

Today the Illinois Supreme Court ruled unanimously that when companies collect biometric data like fingerprints or face prints without informed opt-in consent, they can be sued. Users don't need to

prove an injury like identity fraud or physical harmjust losing control of ones biometric privacy is injury enough.

In Rosenbach v. Six Flags, a 14 year old brought a challenge against an amusement park for collecting his thumbprint without his informed consent, in violation of Illinois law. The law in question, the Illinois Biometric Information Privacy Act (BIPA), prohibits companies from gathering, using, or sharing biometric information without informed opt-in consent. EFF, along with ACLU, CDT, the Chicago Alliance Against Sexual Exploitation, PIRG, and Lucy Parsons Labs, filed an amicus curiaebrief urging the Illinois Supreme Court to adopt a robust interpretation of BIPA.

The Illinois Supreme Court agreed with us and soundly rejected the defendants argument that BIPA required a person to show an injury beyond loss of statutory privacy rights. The Court rejected the companys argument that violation of a privacy statute is a mere technical violation of the law. In fact, the Court ruled, it inflicts a serious harm that supports a lawsuit.

The court recognized that, through BIPA, the legislature had codified an individuals right to privacy in and control over their biometric identifiers and biometric information. The need to codify this right was supported by the legislatures findings that biometrics may be used to access sensitive information, but unlike other identifiers like social security numbers, biometrics are unique to each individual and cant be changed. As a result, the Court ruled, quoting the legislature: once compromised, the individual has no recourse, is at heightened risk for identity theft, and is likely to withdraw from biometric-facilitated transactions.

For these reason, the court held, a person is clearly aggrieved under BIPA through the mere violation of the act alone:

When a private entity fails to adhere to the statutory procedures, as defendants are alleged to have done here, the right of the individual to maintain [their] biometric privacy vanishes into thin air. The precise harm the Illinois legislature sought to prevent is then realized. This is no mere technicality. The injury is real and significant. (Emphasis added.)

Illinois BIPA is the strongest biometric privacy law in the United States. As biometric collection, use, and sharing become more widespread and invasive every year, it only becomes more important that private citizens can sue under laws like BIPA to protect their privacy. More businesses than ever are capturing and monetizing our biometric information. Retailers use face recognition to surveil shoppers behavior as they move about the store, and to identify potential shoplifters. Employers use fingerprints, iris scans, and face recognition to manage employee access to company phones and computers. People have filed BIPA lawsuits against major technology companies like Facebook, Google, and Snapchat, alleging the companies applied face recognition to their uploaded photographs without their consent.

EFF and other privacy groups for years haveresisted big business efforts to gut BIPA. Laws like BIPA that allow private citizens to sue are necessary for several reasons. First, biometric surveillance is a growing menace to our privacy. Our biometric information can be harvested at a distance and without our knowledge, and we often have no ability as individuals to effectively shield ourselves from this grave privacy intrusion. Second, BIPA follows in the footsteps of a host of other privacy laws that prohibit the capture of private information absent informed opt-in consent, and that define capture without notice and consent by itself as an injury. Third, allowing private lawsuits is a necessary means to ensure effective enforcement of privacy laws.

The Rosenbach case has important ramifications for another case brought under BIPA challenging Facebooks use of biometric face surveillance without users consent. That case, In re Facebook Biometric Information Privacy Litigation (also called Patel v. Facebook), is currently on appeal in the U.S. Ninth Circuit Court of Appeals in California. Like the defendants in Rosenbach, Facebook has argued that a loss of statutory biometric privacy rights is not enough to sue a company, but instead, the plaintiff must also show additional harm. EFF and our privacy allies filed an amicus curiaebrief in this case, too.

The Facebook district court rejected this argument last year, as did the Illinois Supreme Court today.

Were hopeful the Rosenbach ruling shuts down this argument once and for all. The Illinois Supreme Court cited the California Facebook case with approval and quoted from it extensively. Now its up to the Ninth Circuit to allow that case to proceed.

Thank you for your interest in our FREE Cyber Security Consultancy.

GEN has been providing network and infrastructure security advice and consultancy for the last 20 years and we've never charged for advice. Our aim here is to provide a fr

...

Managed Services, is a term which refers to outsourcing part of the services your business uses to be installed, maintained and supported by an outside company, in many cases a specialist in the field. For example, a company may require a

...

The Supreme Court took a major step in cutting back on abstract software patents when it issued its landmark ruling in Alice Corp. v. CLS Bank. Since then, courts have thrown

GEN has been an investor in Synology hardware and solutions since its arrival on the market, and in that time Synology has become synonymous with quality and performance in the dedicated NAS arena. Founded in 2000, Synology is dedicated to

...