Dive Brief:

• There are currently several lawsuits underway centered around Illinois’ Biometric Information Privacy Act (BIPA) where plaintiffs are suing tech companies including Facebook and Google.
• BIPA, passed in 2008, specifies how companies can use biometric data.
• Illinois has the only known state law in place to protect personal biometric data such as fingerprints, retinal scans or voiceprints.

Dive Insight:

The outcome of the cases will be noteworthy because more and more companies are using biometrics to unlock accounts or tech devices, but there are almost no laws in place to control the use that data.

“These cases are important to scope out the existing law, perhaps point out places where the law could be improved, and set principles that other states might follow,” Jeffrey Neuburger, a partner at law firm Proskauer Rose, told Bloomberg.

The Illinois law requires companies to get written consent before collecting biometric data from customers. Companies must also declare a date at which they’ll wipe out the data, and they cannot sell it.

Last year an Illinois-based financial adviser sued Facebook under BIPA claiming that the company violated his privacy with its facial-recognition software. Two more Illinois residents filed similar complaints against Facebook the following month. Shutterfly, Take-Two Interactive Software and Google have all since been sued by various parties for similar reasons.

We’ll likely to see more action in this area as traditional passwords continually prove easy to crack and more companies look to biometrics as an alternative. Companies that use biometrics will want to watch out for new legislation that could specify how they can use such data.

In May, Google said it was working to allow Android developers to replace passwords with biometrics. Should testing go well, developers would have access to the technology by the end of the year, Google said.