The Electronic Frontier Foundation and the Immigration Policy Center last week released an interesting report on law enforcement’s increasing efforts to gather biometric data, and associated risks of data inaccuracy, racial profiling, erroneous deportations, security breaches, and privacy invasions.  The report calls for greater accountability in the biometrics context, including collection and retention limitations; clear rules for collection, use, and sharing; robust security; notice requirements; and independent oversight. 

In recent months, a number of policymakers have raised concerns about both public and private collection of biometric data.  For example,

  • On May 22, the French data protection authority asked Google a number of follow-up questions about Google’s new privacy policy, including why biometric data is not mentioned in the privacy policy. 
  • On May 14, Hong Kong’s Privacy Commissioner for Personal Data issued revised guidance on the collection of fingerprint data.  The guidance document encourages data users to conduct a privacy impact assessment before collecting fingerprints, offer individuals free and informed choice, and establish strong controls for protecting fingerprint data once it has been obtained. 
  • On April 27, the Article 29 Working Party published an opinion on biometric technologies.  The opinion identifies technical and organizational measures that could help mitigate data protection and privacy risks associated with biometric systems.  The Article 29 Working Party previously published a separate opinion on facial recognition in online and mobile services, which we discussed here.   
  • On April 2, Senator Al Franken (D-Minn.) suggested that the multistakeholder process being convened by the National Telecommunications and Information Administration should examine biometric information privacy.  Sen. Franken wrote, “I believe that any solution to biometric privacy will require a combination of self-regulation and a legislative backstop to ensure that this uniquely and permanently sensitive information is not abused.”  A spokesman told Politico that Sen. Franken is considering whether to convene a Senate subcommittee hearing on the issue.   
  • On January 31, seven members of the Congressional Bi-Partisan Privacy Caucus urged the Federal Trade Commission (FTC) to continue its examination of facial recognition and detection technologies in the commercial sector.  As we noted in an earlier post, the FTC held a workshop on facial recognition in December 2011.  According to recent testimony, a staff report on the privacy and security issues raised at the workshop will be issued in the coming months.