US Biometrics Law Tested By Six Flags Lawsuit


The Illinois Supreme Court is set to hear arguments that will help it determine when consumers can take action under the Biometric Information Privacy Act.

Passed in 2008 in Illinois, the Biometric Information Privacy Act is the toughest standard for biometric privacy in the nation, imposing strict rules on how companies can collect data like fingerprints from a person, requiring consent before obtaining the information.

According to Law360, the case is focused on the mother of a teenage boy who filed a lawsuit against Six Flags after her son’s thumbprint was scanned for season pass entry. The suit alleges that collecting the data violated the law, but the company argued that there was no actual harm done by the collection of the print.

However, privacy advocates have warned that if consumers have to show they were harmed from the data collection, it would negate the power of the law. And the report noted that some of the Supreme Court judges have appeared skeptical of the company’s arguments.

This isn’t the first lawsuit surrounding the use of biometrics. Earlier this year a federal judge ruled that a class action lawsuit against Facebook alleging that the social network’s photo scanning technology ignores users’ privacy rights can proceed.

If Facebook is found to have violated the Biometric Information Privacy Act, the company could face fines of $1,000 to $5,000 each time a person’s image is used without permission. It could also result in new restrictions on the site’s use of biometrics in the U.S.

Alphabet Inc.’s Google is dealing with similar claims in federal court in Chicago.

“When an online service simply disregards the Illinois procedures, as Facebook is alleged to have done, the right of the individual to maintain her biometric privacy vanishes into thin air,” Donato wrote in the ruling. “The precise harm the Illinois legislature sought to prevent is then realized.”