Enforcement of biometric privacy laws has been on the rise, starting with the Illinois case Rosenbach v. Six Flags (discussed in a January alert), which held that statutory non-compliance with the Illinois Biometric Information Privacy Act (BIPA) constitutes sufficient injury to permit suits for damages and injunctive relief. The acquisition of biometric information also is being scrutinized under the European Union’s (EU’s) General Data Protection Regulation (GDPR), with the Swedish Data Protection Authority recently issuing a $20,650 fine to a school that used biometric facial recognition technology to record attendance.
