Hello all, and happy Thursday!
For some time, Illinois has been the wrong place to play fast and loose with consumer biometric data. That’s still true for a variety of reasons—not least of which is the simple fact that it’s wrong to abuse people’s personal data. But now, violators of Illinois’s Biometric Information Protection Act (BIPA) face significantly reduced financial penalties.
Previously, businesses that misused consumer biometric data in violation of BIPA were penalized per instance of misuse. Since a business could conceivably misuse one individual’s biometric data over and over again before getting caught, BIPA fines could reach stratospheric levels, like Facebook’s eye-watering $650 million fine.
However, Governor Pritzker recently signed legislation that changed the method for calculating fines. Now, penalties apply on a per-person basis, which considerably reduces a business’s potential liability.
Does that mean it’s open season for Illinoisan’s biometric data? Nope.
BIPA’s penalties can still be significant, even with the new method for calculating fines. And while Illinois lacks a state data privacy law, the number of other state privacy laws that now exist make it difficult for a business to selectively misuse Illinoisan’s biometric data, especially since biometric data is often classified as “sensitive” personal informpeoation subject to additional requirements under data privacy law.
All in all, this change doesn’t mean too much for businesses; keep investing in your privacy program and protecting consumer personal data, and you won’t ever have to think about how BIPA penalties are calculated.
Best,
Arlo
The Data Protection Commission (DPC) has launched High Court proceedings against Twitter International Unlimited Company over concerns about how the personal data of millions of European users of X, as the social network is now called, is being processed. The DPC says its concerns center around the use of this data, in public posts by X users, in the European Union/European Economic Area to train artificial intelligence (AI) systems utilized by Twitter, including its enhanced search tool known as “Grok.”
While the recent proliferation of comprehensive privacy laws enacted by at least eighteen states has dominated the news in the US, another development threatens to further impact companies operating websites accessed by California consumers—the recent wave of lawsuits and arbitration demands under the California Invasion of Privacy Act (CIPA). The American Bar Association (ABA) breaks down these CIPA lawsuits here.
Google has violated U.S. antitrust law with its search business, a federal judge ruled Monday, handing the tech giant a staggering court defeat with the potential to reshape how millions of Americans get information online and to upend decades of dominance. “After having carefully considered and weighed the witness testimony and evidence, the court reaches the following conclusion: Google is a monopolist, and it has acted as one to maintain its monopoly,” US District Judge Amit Mehta wrote in Monday’s opinion.
Illinois Governor J.B. Pritzker has signed a bill into law that will significantly curb the penalties companies could face for improperly collecting and using fingerprints and other biometric data from workers and consumers. The bill, passed by the legislature in May and signed by Pritzker on Friday amends the state's Biometric Information Privacy Act (BIPA) so that companies can be held liable only for a single violation per person, rather than for each time biometric data is allegedly misused.
Following a Federal Trade Commission (FTC) investigation, the Department of Justice sued video-sharing platform TikTok, its parent company ByteDance, as well as its affiliated companies with violating the Children’s Online Privacy Protection Act (COPPA) and also alleged they infringed an existing FTC 2019 consent order against TikTok for violating COPPA.
Should the suit be successful, TikTok may be fined up to $51,744 per violation, per day.
For many organizations, the problem isn’t how to handle a DSAR; it’s how to handle multiple DSARs all at once, with complete accuracy, and on time. Our blog identifies five common challenges businesses face when trying to manage their DSARs more effectively as well as five solutions.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!