Slashdot Mirror


Do You Own Your Own Fingerprints? (bloomberg.com)

Slashdot reader schwit1 quotes an article from Bloomberg: These days, many of us regularly feed pieces of ourselves into machines for convenience and security. Our fingerprints unlock our smartphones, and companies are experimenting with more novel biometric markers -- voice, heartbeat, grip -- as ID for banking and other transactions. But there are almost no laws in place to control how companies use such information. Nor is it clear what rights people have to protect scans of their retinas or the contours of their face from cataloging by the private sector.

There's one place where people seeking privacy protections can turn: the courts. A series of plaintiffs are suing tech giants, including Facebook and Google, under a little-used Illinois law. The Biometric Information Privacy Act, passed in 2008, is one of the only statutes in the U.S. that sets limits on the ways companies can handle data such as fingerprints, voiceprints, and retinal scans. At least four of the suits filed under BIPA are moving forward... Under the Illinois law, companies must obtain written consent from customers before collecting their biometric data. They also must declare a point at which they'll destroy the data, and they must not sell it... "Social Security numbers, when compromised, can be changed," the law reads. "Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, [and] is at heightened risk for identity theft."

4 of 67 comments

  1. Of course you don't by Anonymous Coward · · Score: 4, Informative

    Once it's put into the system just assume everyone has access to it.

    Just because it's supposedly secure now doesn't mean someone won't in the future get in.

  2. Depends on the country by prefec2 · · Score: 4, Informative

    In the EU the data is private and must be handled privately. It can also not be transported out of the EU, except to other safe countries. Surprisingly, due to the Privacy Shield treaty, the US is declared to be safe. Unfortunately they have no such standards.

    1. Re:Depends on the country by Kindaian · · Score: 4, Informative

      Also, the EU regulations state that the data should be handled just to fulfill the requirements of the service rendered.

      Additionally, if the data is exported to the US it still needs to comply with all EU regulations. The fact that the data moved to a different country has no bearing on what the companies can do with it (they still need to apply the EU regulations).

      And if they use 3rd party services for some internal processes that have access to the data, those 3rd parties also need to comply.

      It is not an "out-of-EU regulation" free card.

  3. Re: You don't own anything by ooloorie · · Score: 4, Informative

    Ownership of anything is defined by power, and unless you have more power than the government you live under, they can take anything from you at any time.

    No, ownership is not "defined by power", it is defined by mutual agreement. The more you define ownership by power, the more totalitarian society becomes.