Brooklyn Law Review


Eric B. Green


Biometric data is among the most sensitive of personal data because it is biologically tied and unique to the individual. Nonetheless, biometric data is an invaluable facet of the research that enables progressive scientific, technological, and medical innovation. Because a comprehensive federal data privacy act does not appear to be on the horizon, the torch has been passed to the states to create their own personal data protection regimes. New Yorkers’ personal biometric data is not aptly protected, partially because neither the New York Privacy Act nor the Biometric Privacy Act (collectively, the NY Privacy Acts) have matured to the point of becoming a legislative reality. This note seeks to establish that the NY Privacy Acts, while necessarily restricting data processing practices by businesses that endanger the consumer, fail to clearly define research and the boundaries of a sufficient research exemption from mandated erasure. To protect New Yorkers’ biometric data while simultaneously maximizing the benefits of biometric data to research, this note proposes that the New York legislature should amend the NY Privacy Acts to include a tripartite definition of “research,” inspired by the definitions of the General Data Protection Regulation, the California Consumer Privacy Act and California Privacy Rights Act, with a reasonable degree of added reverence for the “open science” concept. Finally, the New York legislature should mandate the imposition of both a data protection agency and a biometric data subcommittee that would ensure compliance with the elevated privacy standards required for biometric data while determining appropriate exemptions for research, thereby serving as the gatekeepers for research in the Empire State. Without these gatekeepers, New York would be locking up research and throwing away the key.