Data privacy laws have made significant breakthroughs in recent years, making it a top priority for businesses. From the adoption of the European Union’s General Data Protection Regulation (GDPR) in 2016 to the enactment of the California Consumer Privacy Act (CCPA) in 2018 and the latest ballot approval of the California Privacy Rights Act (CPRA) in 2020, we continue to see data privacy laws develop and garner interest from consumers, businesses, and legislators alike.
Specific biometric privacy laws, in particular however, are often overshadowed by more general data privacy laws. As we discussed in our prior article, biometrics are physical and behavioral human characteristics (i.e., face, eye, fingerprint, and voice features) that can be used to digitally identify a person. As the collection and use of biometric data become more common in daily life and its applications in different industries continue to expand, new privacy considerations will emerge in this field. Biometrics laws, in their own right, require separate recognition because of the nuanced application of these specific laws.
The United States does not have a single, comprehensive federal law governing biometric data. Recently, we have seen an increasing number of individual states focus on this issue, and the recent introduction of legislation in a number of states specifically aimed at protecting the collection, retention, and use of biometric data. In Part I, we summarize some of the legislative activity on biometric laws from 2020. We will describe other noteworthy legislation to monitor for 2021 in Part II.