Tech

The best law you’ve never heard of

This article is part of the On Tech newsletter. You can register here to receive it during the week.

Americans should be mad at companies that harvest every bit of our data to sell us sneakers or assess our creditworthiness. But a data protection law that few of us know about should also give us hope.

I’m talking about the Illinois Biometric Information Privacy Act, or BIPA. It is one of the strictest privacy laws in the United States. And that happened in 2008, when most of us didn’t have smartphones and couldn’t have imagined Alexa in our kitchens.

It only applies to residents of Illinois and doesn’t limit more than what companies do with our body data, like face scans and fingerprints. But its principles and heritage show that effective laws can wrest control from companies that hog information.

BIPA can also show that states can be America’s best lab to tackle the disadvantages of digital life.

The pedestrian origin of the law belies to what extent it has come to be consistent. In 2007, a company that allowed customers to pay in stores with their fingerprints went bankrupt and discussed the sale of the fingerprint database. People who thought it was scary wanted to stop such activities.

Few outsiders paid attention to the BIPA negotiations, and perhaps that is the secret of its success. Now tech companies are unleashing armies to hijack or shape proposed regulations.

The text of the law is simple but deep, Adam schwartz, a senior lawyer from the Electronic Frontier Foundation told me.

First, companies that originate technologies such as voice assistants or photo recognition the services cannot use the biometric details of people without their knowledge or consent. Few US privacy laws go this far – and probably none yet. As a general rule, we have to be okay with what companies want to do with our data or not use the service.

Second, the BIPA requires companies to limit the data they collect. These two principles are in The historic European data protection law, too much.

And third, the law allows people – not just the state – to sue businesses. (More information below.)

One of the practical effects of BIPA is that Google’s Nest security cameras do not offer functionality in Illinois for recognize familiar faces. BIPA could be the reason why Facebook disabled a feature that identifies faces in photos online. Illinois law is the basis of some lawsuits challenging Clearview AI, which has scratched billions of photos on the internet.

BIPA hasn’t stopped the data surveillance economy from spiraling out of control, however.

But Schwartz said companies’ collection of our personal information would have been worse without the law. “BIPA is the gold standard and the kind of thing we would like to see in all privacy laws,” he said.

I have written before about the need for a broad national privacy law, but it may not be necessary. Rather than relying on a dysfunctional Congress, we could have a patchwork of state measures, like less aggressive versions of BIPA and California Buggy but promising data privacy laws.

“There is no magic bill that fixes privacy,” said Alastair Mactaggart, founder of Californians for Consumer Privacy, who supported these two laws on the protection of consumer privacy. He said 50 privacy laws could be messy but better than a weak national law.

The BIPA also shows that we shouldn’t feel powerless in controlling our personal information. The data monitoring machine can be tamed. “The status quo is not predetermined,” Schwartz said.


I try not to bore you (and myself) with the legislative sausage. Let me, however, squeeze in two terms to keep tabs on as more states and Congress consider regulating tech companies, including data privacy, online expression and restrictions on their powers.

These terms are private right of action and pre-emption.

The first basically means that anyone can sue a tech company – not just government officials.

Generally speaking, left-wing politicians (and lawyers) argue that private prosecutions are an effective measure of accountability. Right-wing lawmakers and many businesses say it’s a waste of time and money.

This right to sue will be a central point of contention in just about any struggle for technology regulation.

Democrats in Congress have said they want to tame the power of Big Tech, such as letting merchants who feel their businesses are being crushed by Amazon sue the company for anti-competitive actions. This is a deciding factor for many Republicans.

California privacy law gives people the right to sue companies for data security breaches. Data privacy invoices considered more business-friendly, such as a law pending in Virginia – do not generally give people the opportunity to sue.

And about preemption: it basically means that any federal law trumps state laws.

Be comfortable with this concept as well, as it could be the focus of future tech skirmishes. My colleague David McCabe has mentionned that tech companies concerned about future local or state digital privacy laws have talked about congressional legislation that would replace states.


  • The news is back on Facebook in Australia: My colleagues Mike Isaac and Damien Cave reported that Facebook has reaches a compromise (temporary) on an Australian bill that would require tech companies to pay for news links. As a result, Facebook had blocked news in the country.

  • Buggy software keeps people in jail? KJZZ public radio station in Phoenix reports that hundreds of people who should be eligible for release from state prisons are instead being held there because the software did not incorporate the updated sentencing laws.

  • She wants certain parts of e-learning to remain present: Rory Selinger, a 14-year-old college student, wrote on OneZero that distance learning set her free to adopt their own learning style, let their teachers provide immediate feedback and feel a reduction in social pressures from school. She wants the flexibility of online learning to redefine education.

Bless this TikTok video for a adorable prancing chihuahua.


We want to hear from you. Let us know what you think of this newsletter and what you would like us to explore. You can reach us at ontech@nytimes.com.

If you haven’t already received this newsletter in your inbox, please register here.

The best law you’ve never heard of

Source link The best law you’ve never heard of

Back to top button