This article is part of the On Tech newsletter. You can register here to receive it weekdays.
Americans should feel angry about companies that collect pieces of our data to sell us sneakers or gauge our creditworthiness. But a data protection law that few of us know about also gives us hope.
I am talking about Illinois Biometric Information Privacy Act, or BIPA. It is one of the toughest privacy laws in the United States. And it passed in 2008, when most of us didn’t have a smartphone and couldn’t imagine Alexa in our kitchens.
It applies only to Illinois residents and is not limited to much more than what companies do with data from our bodies, like face scans and fingerprints. But its principles and legacy suggest that effective law can gain control from information mining companies.
The BIPA could also show that the states may be America’s best lab to tackle the downsides of digital life.
The pedestrian origin of the law believed how it happened. In 2007, a company that allowed customers to pay in-store with their fingerprints went bankrupt and they discussed selling a fingerprint database. People who think it’s creepy want to stop such activities.
Few outsiders pay attention to the BIPA negotiations, and this may be the secret to its success. Now tech companies roll out armies to deflect or shape proposed regulations.
Adam Schwartz, a senior attorney at the Electronic Frontier Foundation, told me that the text of the law is simple but profound.
First, companies behind technologies like voice assistants or image recognition services can’t use people’s biometric details without their consent or knowledge. Very few American privacy laws go this far – and probably no more. Usually, we have to agree with any company that wants to do with our data or not use the service.
Second, BIPA forces companies to limit the data they collect. Those two principles also lie within Europe’s landmark data privacy law.
And third, the law allows people – not just the state – to sue companies. (More on this below.)
A practical BIPA effect is that Google’s Nest security camera does not provide the familiar facial recognition feature in Illinois. BIPA may be the reason Facebook turned off facial recognition in online photos. Illinois law is the basis of several Clearview AI challenge lawsuits, which have taken billions of photos from the internet.
However, BIPA has not prevented the data surveillance economy from growing out of control.
But, Schwartz says, companies collect personal information worse without a law. “BIPA is the gold standard and what we want to see in all privacy laws,” he said.
I have written before about the need for an extensive national privacy law, but perhaps that is not necessary. Instead of relying on an inactive Congress, we could have a host of state measures, like less aggressive versions of BIPA and California’s fraught but promising data privacy laws.
Alastair Mactaggart, founder of California for Consumer Privacy, advocates for consumer privacy laws, said: “There is no magic bill that would cite no-cite privacy fixes. He says 50 privacy laws can be messy but better than a weak national law.
BIPA also shows that we should not feel helpless in controlling our personal information. Data monitor can be tamed. “The status quo is not predetermined,” said Schwartz.
The two hottest terms in technology policy
I try not to disturb you (and myself) with the rule sausage. However, allow me to dodge two clauses to watch out for as more states and Congress review regulations on technology companies including data privacy, online performance, and restrictive powers. their.
Those terms are right to act privately and pre-emption.
The first one means, basically anyone can sue a tech company – not just government officials.
In general, left-wing politicians (and lawyers) say private cases are a good way to account. The right lawmakers and many businesses say they waste time and money.
This right to sue will be at the heart of controversy in any battle over technology regulation.
Democrats in Congress say they want to tame Big Tech’s power, for example by letting merchants feel their businesses crushed by Amazon, suing the company for anti-competitive actions. . This is a deal-breaking factor for many Republicans.
California privacy law gives people the right to sue companies for data security breaches. Data privacy bills are considered to be more business-friendly – such as Virginia pending law – often don’t give people the ability to sue.
And in terms of royalties: Basically, it means that any federal law surpasses state law.
Feel good about this concept too, as it could be at the heart of future technology skirmishes. My colleague David McCabe has said that tech companies worried about future state or local digital privacy laws have been talking about congressional legislation that will replace states.
Before we go …
The news is back on Facebook in Australia: My colleagues Mike Isaac and Damien Cave have reported that Facebook has reached a (provisional) compromise on an Australian bill that will cause tech companies to pay for news links. As a result, Facebook blocked domestic news.
Software bugs are holding people in jail? Public radio station KJZZ in Phoenix reported that hundreds of people who should have qualified for release from state prisons are instead being held there because the software has not included up-to-date conviction laws.
She wants some parts of online learning to go on: Rory Selinger, a 14-year-old student, wrote on OneZero that distance learning freed her to embrace her own way of learning, let teachers give immediate feedback and feel less social pressure. at school. She wants the flexibility of online learning to redefine education.
Bless this TikTok video of a cute popping Chihuahua.
We want to hear from you. Let us know what you think about this newsletter and what else you’d like us to explore. You can contact us at [email protected]
If you have not received this newsletter in your inbox, Please register here.