Over the months, there has been coverage of facial recognition tech companies facing legal action and being sanctioned for not heeding to stringent AI and privacy bills around their use.

Encompassing best practices for the use of biometrics, the AI Act is probably the leading legislation in Europe that sets out standards for minding privacy rights and ensuring security of data, along with the Online Safety Bill and UK Digital Trust Framework.

Across the pond in the U.S. a litany of privacy court cases arose in 2022 taking action against non-compliant behaviour of companies with the well-known Illinois Biometric Information Privacy Act, or BIPA. In 2022 a wave of legislation was passed by individual states imposing their own stance on children’s privacy.

The BIPA regulation stipulates that privacy policy must be made public and set out timeframes for how long biometric data can be kept after capture and then permanently deleted. Consent must be obtained and not shared or used illegitimately for marketing or commercial campaigns.

12 states have introduced privacy legislation including, Arizona, Hawaii, Minnesota, Mississippi, New York, Tennessee and Kentucky.

In May, The Federal Trade Commission voted to crack down on consumer health apps violating privacy regulations by refreshing its Health Breach Notification Rule and issuing an updated policy  on acceptable practices to collect and use consumer biometrics for marketing purposes.

The Illinois BIPA legislation is one of the most recognised across the United States after being introduced as the first state biometric privacy act in 2008.