This article is part of the On Tech newsletter. You can Login here to get it on weekdays.

Americans should be annoyed that companies collect every piece of our data to sell us sneakers or to assess our creditworthiness. However, a data protection law that few of us know about should also give us hope.

I’m talking about the Illinois Biometric Information Privacy Act, or BIPA. It is one of the strictest data protection laws in the United States. And it passed in 2008 when most of us didn’t have a smartphone and couldn’t imagine Alexa in our kitchen.

It applies to Illinois residents only and does not limit anything more than what companies do with data from our bodies, such as facial scans and fingerprints. But its principles and legacy show that effective laws can remove some control from information companies.

BIPA can also show that states can be America’s best laboratory to address the disadvantages of digital life.

The pedestrian ancestry of the law belies how momentous it became. In 2007, a company that let customers pay with their fingerprints in stores went bankrupt and was discussing the sale of the fingerprint database. People who thought it was scary wanted to stop such activities.

Few outsiders paid any attention to the BIPA negotiations, and this may have been the secret to their success. Now tech companies are unleashing armies to divert or shape proposed regulations.

The legal text is simple but profound, Adam Schwartz, a senior attorney for the Electronic Frontier Foundation, told me.

First, companies behind technologies such as voice assistants or Photo recognition Services cannot use people’s biometric data without their knowledge or consent. Few American privacy laws go that far – and probably none. Usually we have to agree to what companies do with our data or do not want to use the service.

Second, BIPA forces companies to limit the data they collect. These two principles are in Europe’s pioneering data protection law, also.

And third, the law allows people – not just the state – to sue companies. (More on this below.)

One practical effect of BIPA is that Google’s Nest security cameras in Illinois have no function for recognize familiar faces. BIPA could be the reason for Facebook a function is deactivated this identifies faces in online photos. Illinois law is the basis of several lawsuits against Clearview AI Billions of photos scraped off the internet.

However, BIPA has not prevented the data surveillance economy from spiraling out of control.

However, Schwartz said that without the law, companies’ collection of our personal information would have been worse. “BIPA is the gold standard and the kind of thing we want to see in all privacy laws,” he said.

I have already written about the need for comprehensive national data protection law, but maybe it is not necessary. Rather than relying on a dysfunctional Congress, we could have a patchwork of government policies, like less aggressive versions of BIPA and California flawed but promising data protection laws.

“There’s no magic bill that calls privacy into question,” said Alastair Mactaggart, founder of Californians for Consumer Privacy supported these dual consumer protection laws. He said 50 privacy laws could be messy, but better than one weak national law.

BIPA also shows that we shouldn’t feel helpless in controlling our personal information. The data monitoring machine can be tamed. “The status quo is not predetermined,” said Schwartz.


I try not to bore you (and me) with the legislative sausage. However, allow me to sneak in two terms to keep an eye on how more states and Congress are considering regulating tech companies, including privacy, online expression, and limiting their powers.

These terms are private right of action and Right of first refusal.

The first basically means anyone can sue a tech company – not just government officials.

By and large, politicians on the left (and lawyers) say private lawsuits are an effective measure of accountability. Legislators on the right and many companies say they are a waste of time and money.

This right to sue will be a central point of contention in almost any battle over technology regulation.

Democrats in Congress said they want to tame the power of big tech, for example by having merchants who feel their businesses are being put down by Amazon, sue the company for anti-competitive measures. This is a deal breaker for many Republicans.

California’s privacy law gives people the right to sue companies for data breaches. Data protection bills that are considered more business-friendly – such as a pending law in Virginia – do not usually give people the opportunity to sue.

And on prevention: it essentially means that every federal law exceeds state laws.

Make yourself comfortable with this concept too, because it could be at the center of future technical battles. My colleague David McCabe did said that tech companies, concerned about future local or state digital privacy laws, have been talking about congressional laws that would replace states.


  • The news is back on Facebook in Australia: My colleagues Mike Isaac and Damien Cave reported that Facebook did reached a (temporary) compromise about an Australian bill that tech companies would pay for news links. Facebook had blocked messages in the country as a result.

  • Buggy software keeps people in jail? The public radio station KJZZ in Phoenix Reports that hundreds of people who should be eligible for release from state prisons are being held there instead because the software does not contain updated criminal laws.

  • She wants some parts of the online learning to be kept: Rory Selinger, a 14-year-old student, wrote this on OneZero Distance learning set them free To adopt their own learning style, have their teachers give instant feedback and feel less socially pressured by the school. She wants the flexibility of online learning to redefine education.

Bless this TikTok video one adorable dancing chihuahua.


We want to hear from you. Tell us what you think of this newsletter and what else you would like us to explore. you can reach us at ontech@nytimes.com.

If you don’t have this newsletter in your inbox yet, Please sign in here.



Source link

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.