A Tale of Two (Small) Victories
What BIPA and SyRI-related developments tell us about the future of privacy
Despite an otherwise dystopian start to 2020, there have also been a few glimmers of hope in the early weeks of the new decade. These recent developments light a path forward in an otherwise dark digital future and remind us that the solution to our present woes may be hiding in plain sight.
Much of this hope stems from a small (< 1500 words) but mighty piece of legislation — the Illinois Biometric Protection Act or BIPA. BIPA prevents companies from collecting the biometrics of individuals without their prior informed written consent and prohibits the sale and profiteering off of biometric information.
In January, the Supreme Court denied Facebook’s petition to hear Patel v. Facebook, in which the plaintiffs alleged that Facebook’s facial recognition-enabled photo tagging suggestion tool violated their rights under BIPA. While Facebook argued that plaintiffs could not demonstrate a concrete injury, the Ninth Circuit found that the mere collection of the plaintiff's biometric information was a sufficient harm under the statute (i.e. an injury-in-fact). Approximately one week later, the tech giant agreed to settle the case for a record $550 million.
