The recent ruling against Six Flags by the Illinois Supreme Court might soon change the way that businesses go about collecting biometric data in the future.
The case involved a 14 year old boy who had his fingerprint scanned when he went to pick up a season pass for the park during a group trip. The fingerprint scanning wasn't out of the ordinary as the park has been collecting this biometric data from guests regularly for years now.
However, the mother of the boy said that she didn't give permission for the company to collect and store that biometric data. The company attempted to argue that no harm was inflicted by obtaining that biometric information; they didn't suffer any injury.
The court felt that just the violation alone was sufficient:
“The violation, in itself, is sufficient to support the individual’s or customer’s statutory cause of action,”
The Illinois’ Biometric Information Privacy Act (BIPA) requires companies like Six Flags to obtain written consent before they collect and use any guest data. If visitors to the park are not informed of how their information is going to be collected, then this inhibits their ability to provide meaningful and informed consent.
The court determined that violating the biometric privacy law only required a violation and didn't require any harm being necessarily being inflicted.
Other states have also passed legislation that seeks to protect the rights of individuals in limiting how private companies can go about obtaining their personal biometric identification. It's likely that a growing number of states might consider implementing similar changes, if more people continue to express concern about the issue.
Pics:
pixabay
pic 2 - cdt
