Your Face May Be The Key to Future Privacy Law: iPhone8 X's new Hacks and Privacy Concerns
iPhone X comes with a new privacy setting that allows facial recognition software to allow consumers to make purchases with Apple Pay. But what does this mean for advertisers and their ability to store data connected to this bio sec feature? A lot actually. It’s a riddle that a lot of states are still unpacking.
Texas Law requires that facial recognition software only be used with informed consent, when it comes to advertisers and information gathered from a person in the public sphere. But when it comes to those who are hacking into the informed consent the user gives an iPhone by keeping the technology “always on,” the situation is a little more murky.
The use of faces gathered from a security hack may not be legal, though there is no federal law that makes this technology secure. That’s why each state has its own specific rendering of biosec (bio security) law. In Texas, for example, there is no explicit private right of action, that is spelled out right to file a lawsuit for an individual person, when a biosec technology is used improperly by a data gatherer to obtain information. Whether one is implied by the law is yet to be decided by cases brought to light. A case in Illinois that was dismissed for a lack of proving “concrete harm” in its argumentation isn’t a good sign when it comes to these provisions. A universal right to file claim against improper use may need to be lobbied for in every single state’s legislature without a Federal law.
How the iPhone X uses facial recognition technology will be of interest to many in the legal community who look to better define the parameters of this issue. Personal data and the data used to unlock security keys can be wrongly leveraged by law enforcement and used for criminal purposes. If a user keeps the device “always on,” it’s very easy to access. It can read your face even if it is just lying on a table and not in active use.
While other protocols in iOS11 make it harder for law enforcement to access your data, this function could make it easy to unlock a phone if a suspect is held in custody.
How criminal law and tort law change in response to these issues, in each state diversely in absence of a strong federal law governing these protocols will be telling. Laws in Alaska, Connecticut, Illinois, Montana, New Hampshire, and Washington are pending and range from prohibiting data collection for the purposes of marketing to collection without consent or parental consent. Some even concern the length of time and permissions surrounding “enrolling” or “storing” of the data in a database with varying levels of security.