Racial justice must be at the center of AI-related regulations to prevent discrimination and the potential creation of a surveillance state, American Civil Liberties Union (ACLU) officials said Thursday during a panel.
Biometric Privacy
Biometric privacy laws regulate how companies handle sensitive personal identifiers like facial scans, fingerprints and voiceprints. In the U.S., Illinois’ BIPA has led to landmark litigation and multimillion-dollar settlements, setting a precedent for consent, data retention and security standards. Other states and countries are following suit with their own biometric requirements. This page covers key lawsuits, regulatory action and compliance best practices in the biometrics space.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
DOJ’s data transfer rule goes into full force Tuesday, but many companies are still seeking clarity from the department about compliance, privacy attorneys told us in interviews this week (see 2504140047).
Effective Tuesday, an amendment to the Colorado Privacy Act (CPA) that enhances protections for biometric identifiers widens the scope of whom the privacy law applies to and forces companies to review their policies, said privacy lawyers. Enacted as HB-1130 in June 2024, the measure compels entities that collect biometric data to meet stringent notice and consent requirements if they use or intend to use it for unique identification (see 2406030010).
A comprehensive privacy law taking effect Tuesday in Tennessee may appear business-friendly compared with similar measures in other states, but privacy lawyers note that it also contains some of the highest penalties for noncompliance. Companies could avoid a Tennessee crackdown by taking advantage of a novel safe harbor in the law, Mintz’s Cynthia Larose told Privacy Daily.
The 7th U.S. Circuit Court of Appeals could soon issue a ruling on the retroactivity of a 2023 amendment to the Illinois Biometric Information Privacy Act (BIPA), which would provide significant clarity about pending BIPA cases, said blog posts by multiple law firms.
Connecticut will amend its privacy law again with what some lawyers say are significant changes. Gov. Ned Lamont (D) on Wednesday signed an omnibus (SB-1295) that contained the language of a bill (SB-1356) by Sen. James Maroney (D) updating the state’s 2022 privacy law (see 2506050004). Changes to the Connecticut Data Privacy Act (CTDPA) will take effect July 1, 2026.
Affirming a circuit court's earlier ruling, an Illinois appellate court Tuesday certified class for railway workers who want to file a class-action suit claiming violations of the state's Biometric Information Privacy Act (BIPA). Plaintiffs in case 1-24-1961 allege that railway industry service provider ITS Technologies' use of employee biometric information for time clocks violates the state statute.
The European Commission must urgently reassess Israel's data protection adequacy status, European Digital Rights (EDRi), the Electronic Privacy Information Center and 15 other civil rights groups said in a Tuesday letter to Michael McGrath, EU commissioner for democracy, justice, rule of law and consumer protection. Neither the EC nor the Israeli government commented immediately.
A California bill seeking to limit “surveillance pricing” cleared a key committee at a hearing Tuesday afternoon. The Assembly Privacy Committee voted 10-4 for SB-259, with Republicans opposing. In addition, the committee cleared bills about data brokers and breaches as part of a unanimous vote on a consent agenda. All the bills previously passed in the Senate.