Brazil's Data Protection Authority on Monday opened the public consultation period on biometric data as it begins an initiative to analyze whether there is a need for government intervention -- via a guide document or regulation -- on the topic.
Biometric Privacy
Biometric privacy laws regulate how companies handle sensitive personal identifiers like facial scans, fingerprints and voiceprints. In the U.S., Illinois’ BIPA has led to landmark litigation and multimillion-dollar settlements, setting a precedent for consent, data retention and security standards. Other states and countries are following suit with their own biometric requirements. This page covers key lawsuits, regulatory action and compliance best practices in the biometrics space.
Biometric systems must be designed in a way that honors the ability to revoke and delete data, especially with the rise of biometric authentication in daily life, said privacy-focused system design software engineer Naveen Kumar Reddy Pajjuri in an IAPP piece Wednesday.
Kenya's Office of the Data Protection Commissioner published the Data Protection Act guidance compendium to help entities comply with the country's 2019 Data Protection Act, the office announced Friday. Several sector-specific guidelines were developed, including notes on processing children's data, biometric data and personal data for journalistic purposes.
The Electronic Frontier Foundation applauded Montana for being the first state to close a “data broker loophole” for law enforcement. Separately, Cooley lawyers noted Montana's leadership role among states in crafting the country's third neural privacy law.
DUBLIN -- One of the least clear aspects of the EU AI Act is its content on using biometric data, panelists said Wednesday at the IAPP AI Governance Global Europe 2025 conference.
Massachusetts senators advanced a comprehensive privacy bill that includes a private right of action and Maryland-like data-minimization requirements. On Monday, the Senate side of the legislature’s joint Advanced Information Technology Committee advanced to the Ways and Means Committee a new draft of the Massachusetts Data Privacy Act (S-2516) that replaces bills by the committee’s Senate Chair Michael Moore (D), Senate Majority Leader Cynthia Creem (D) and Sen. William Driscoll (D). Some alternatives remain pending, including legislation by Sen. Barry Finegold (D), his spokesperson told Privacy Daily.
Age-verification tools are not a silver bullet that will protect children and young people on internet sites and social media platforms, speakers said Monday at a session of the European Dialogue on Internet Governance.
Google's nearly $1.4 billion settlement with Texas solidifies the state's status as an aggressive privacy enforcer, lawyers and consumer privacy advocates said Monday. Texas announced the settlement Friday in a case involving Google's allegedly unlawful tracking and collection of users' personal information, including geolocation and biometric data (see 2505090071).
Texas Attorney General Ken Paxton (R) announced a nearly $1.4 billion settlement with Google in a case about the company's unlawful tracking and collecting of user's personal information, including geolocation and biometric data. Paxton filed the lawsuit against Google in October 2022, alleging violations of the Texas Capture or Use of Biometric Identifier Act (see 2210200075).
The global health care and life sciences sectors face major regulatory challenges in the U.S. and Europe from data transfer and cybersecurity laws, speakers said Thursday during an IAPP webinar.