To defend our privacy, biometrics law must be protected

Many big tech companies would like to boot Illinois’ strong Biometric Information Privacy Act into cyberspace.

SHARE To defend our privacy, biometrics law must be protected

The Illinois State Capitol.

Seth Perlman/AP

Sometimes, what the Legislature doesn’t enact can be as important as what it does.

For another session, the Illinois Legislature has wisely neither repealed nor weakened a pioneering law that protects the biometric information of each of the state’s residents, the Biometric Information Privacy Act. The Legislature stood firm even though many big tech companies would like to boot the law into cyberspace.

Individuals’ thumbprints, retinas, irises and faces become biometric information once they are stored digitally. Companies can profit when they use or sell the data. But if the data falls into the hands of criminals who scoop it up on the dark web or through data breaches, it could make ordinary identity theft look like a parking ticket. Unlike getting a new credit card number, biometric data can’t be changed.

BIPA requires entities that collect biometric information to notify people they are collecting it, say how it will be used and obtain their approval. It was the country’s first such law and remains the most stringent. On Tuesday, a federal judge ruled it doesn’t exclude photo-derived facial recognition.

Editorials bug


But as reasonable as the law is — companies can collect the information, but they have to be open about it — it keeps popping up in lawsuits.

On Thursday, Google settled a $100 million class-action privacy lawsuit that alleged Google didn’t get users’ consent for a tool that sorts faces in its Google Photos app by similarity.

Last month, the U.S. Ninth Court of Appeals allowed a settlement to go forward in a lawsuit that claimed Facebook violated BIPA by collecting and storing users’ biometrics as part of its “tag suggestions” and other features involving facial recognition technology.

In February, Tiktok’s parent company agreed to pay $92 million to settle claims that it violated BIPA by not getting consent to collect facial and fingerprint scanning and other biometric information.

Opinion Newsletter

Although none of the companies admitted wrongdoing, these settlements raised hope that we can avoid a future in which each of us is tracked throughout our lives by our unique physical characteristics. People shouldn’t have to constantly dig through ever-changing privacy settings in all kinds of apps to try to protect their biometric information.

Efforts are underway in Congress to protect biometric information. Encouragingly, some federal lawmakers are even talking about banning businesses from abusing customers’ biometric information. A strong federal law that doesn’t weaken protections provided by the states would be ideal. But nothing has passed at this point.

Illinois’ law could be tweaked to improve it, but first, opponents must agree to negotiate rather than just try to get rid of it.

Our privacy depends on it.  

Send letters to

The Latest
Jessie Montgomery has curated the group’s concert program as part of her duties as the Chicago Symphony Orchestra’s Mead Composer-in-Residence.
Hunters give many reasons why they like using certain single-shot rifles, which are now legal for use in firearm deer seasons in Illinois.
This year’s annual United Nations climate summit, which starts Thursday, should bring our climate emergency back to the forefront. Americans should demand our leaders make saving the planet a priority.
Unable to perform well sexually, man is sympathetic when his wife asks if she can get some action on the side.
Directing and doing the best acting of his career, he also showcases Carey Mulligan, passionate as the conductor’s long-suffering wife, Felicia.