Brooklyn Law Review


Eliza Simons


The use of biometric identification in the consumer industry has grown immensely over the last decade and is projected to continue growing at an even faster rate. As private entities abandon password-based security systems and opt for the more secure, convenient, and cost-effective method of using biometric data, individuals are worried how that information will be protected. Although the right to privacy has always been valued in the United States, Congress has yet to specifically address biometric privacy. This note sets the legal landscape of privacy law, through the lens of biometric privacy, by surveying four categories of privacy law: (1) Federal privacy laws in general; (2) state privacy laws in general, specifically the California Consumer Privacy Act (CCPA); (3) state biometric-specific privacy laws; and (4) a federal biometric privacy law. The fourth category is what is missing from the current regulatory scheme. This note identifies issues with state biometric privacy laws, including unclear definitions of biometric privacy and Article III standing. Ultimately, this note concludes that a federal biometric privacy law should be modeled after the CCPA, but narrowed to biometric information.