The collection and use of biometric information may violate the Federal Trade Commission Act, and the FTC plans to scrutinize its use, the agency said in a warning issued Thursday.
The FTC said the increased use of biometric data raises significant consumer privacy and data security concerns and has the potential for bias and discrimination.
“In recent years, biometric surveillance has grown more sophisticated and pervasive, posing new threats to privacy and civil rights,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection.
“Today’s policy statement makes clear that companies must comply with the law regardless of the technology they are using.”
The agency’s 12-page policy statement notes there has been a proliferation of biometric information technologies in recent years, including facial, iris and fingerprint recognition technologies that collect and process biometric information to identify individuals.
Other biometric information technologies use, or purport to use, biometric information to determine individuals’ characteristics, including age, gender and race, as well as personality traits, aptitude and demeanor, the statement says.
Biometric information “can pose significant risks to consumers,” and “without clear disclosures and meaningful choices” they “may have little way to avoid these risks or unintended consequences of these technologies,” according to the FTC.
Some technologies, such as facial recognition, may facilitate or produce discriminatory outcomes, it said
The agency said examples of practices it plans to scrutinize include whether companies are making deceptive statements about the collection and use of the information; failing to assess foreseeable harms to consumers before collecting the information; and not providing appropriate training to employees and contractors.
The Illinois Biometric Privacy Act, which regulates the collection of biometric identifiers such as through fingerprint recognition software, has led to thousands of lawsuits filed against businesses in Illinois and elsewhere.
The Illinois Supreme Court ruled in February in a divided opinion that employers violated BIPA each time they collected fingerprints from an employee and disclosed that biometric information without consent.
The state high court’s 4-3 ruling in Latrina Cothron v. White Castle System Inc. followed its unanimous Feb. 2 decision in Tims vs. Black Horse Carriers. Inc., in which it ruled that claims under BIPA are governed by a five-year, rather than a one-year, statute of limitations.