And third, the law lets people — not just the state — sue companies. (More on this below.)
One practical effect of BIPA is that Google’s Nest security cameras do not offer in Illinois a feature for recognizing familiar faces. BIPA might be the reason Facebook turned off a feature that identifies faces in online photos. The Illinois law is the basis of some lawsuits challenging Clearview AI, which scraped billions of photos from the internet.
BIPA didn’t, however, stop the data-surveillance economy from growing out of control.
But Schwartz said that companies’ collection of our personal information would have been worse without the law. “BIPA is the gold standard and the kind of thing we’d like to see in all privacy laws,” he said.
I’ve written before about the need for a sweeping national privacy law, but maybe that’s not necessary. Rather than relying on a dysfunctional Congress, we could have a patchwork of state measures, like less aggressive versions of BIPA and California’s buggy but promising data privacy laws.
“There’s no one magical bill that is going to quote-unquote fix privacy,” said Alastair Mactaggart, the founder of Californians for Consumer Privacy, which backed those twin consumer privacy laws. He said that 50 privacy laws could be messy but better than one weak national law.
BIPA also shows that we shouldn’t feel helpless about controlling our personal information. The data-surveillance machine can be tamed. “The status quo is not preordained,” Schwartz said.
I try not to bore you (and myself) with the law-making sausage. Allow me, though, to sneak in two terms to keep an eye on as more states and Congress consider regulation on technology companies including in data privacy, online expression and restraints on their powers.
Article source: https://www.nytimes.com/2021/02/23/technology/the-best-law-youve-never-heard-of.html