The collection and use of biometric information may violate the Federal Trade Commission Act, and the FTC plans to review its use, the agency said in a warning issued Thursday.
The FTC said the increased use of biometric data raises significant concerns about consumer privacy and data security and has the potential for bias and discrimination.
“In recent years, biometric surveillance has become more sophisticated and pervasive, posing new threats to privacy and civil rights,“ said Samuel Levine, director of the FTC’s Bureau of Consumer Protection.
“Today’s policy statement makes clear that companies must comply with the law regardless of the technology they use.”;
The agency’s 12-page policy statement notes that there has been a proliferation of biometric information technologies in recent years, including facial recognition, iris and fingerprint technologies that collect and process biometric information to identify individuals.
Other biometric information technologies use, or purport to use, biometric information to determine individuals’ characteristics, including age, gender and race, as well as personality traits, aptitude and demeanor, the statement said.
Biometric information “can pose significant risks to consumers” and “without clear disclosures and meaningful choices“ they “may have little way to avoid these risks or unintended consequences of these technologies,” according to the FTC.
Some technologies, such as facial recognition, can facilitate or produce discriminatory results, it said
The agency said examples of practices it plans to review include whether companies make misleading statements about the collection and use of the information; failure to assess foreseeable harm to consumers before collecting the information; and not providing adequate training to employees and contractors.
The Illinois Biometric Privacy Act, which regulates the collection of biometric identifiers, such as through fingerprint recognition software, has led to thousands of lawsuits against companies in Illinois and elsewhere.
The Illinois Supreme Court ruled in a split opinion in February that employers violated BIPA any time they collected fingerprints from an employee and disclosed the biometric information without consent.
The State Supreme Court’s 4-3 ruling in Latrina Cothron v. White Castle System Inc. followed its unanimous decision on February 2 i Tim’s vs. Black Horse Carriers. Inc., where it held that claims under BIPA are governed by a limitation period of five years, rather than one year.