Skip to Main Content
Practices

Biometrics

Print Version

Baker Donelson's Biometrics Team provides guidance to companies across all industries on the full range of legal, regulatory, and risk management issues that arise at the intersection of biometric technologies, business, and the law.

Practice Overview


Biometrics has rapidly become ubiquitous in our daily lives and will continue to proliferate at an astonishing pace moving forward. In response, lawmakers have sought to pass new, targeted laws that would impose stringent legal obligations and restrictions on the collection and use of biometric data, many of which also contain private rights of action. Regulators are also now seeking to police improper biometrics practices as well. To further complicate matters, enterprising plaintiffs' attorneys have attempted to stretch the contours of current laws with fairly reasonable success, creating tremendous liability exposure for even small-scale uses of biometric data. Thus, ensuring legal compliance through comprehensive, enterprise-wide biometric privacy compliance programs and strategic risk management measures is essential to mitigating the outsized legal risks that arise when leveraging the benefits of biometrics in commercial operations.

To support the significant need for guidance on the implementation and use of cutting-edge biometric technologies, Baker Donelson maintains a robust, multidisciplinary Biometrics practice. Our Biometrics team members provide skilled yet practical advice on utilizing biometric tools and systems in a manner that maximizes benefits, while also maintaining compliance with the law and mitigating associated legal risks. They are also experienced in aggressively defending class action claims involving alleged noncompliance with today's patchwork of biometric privacy laws.

Our Team

Our Biometrics Team brings together a wealth of experience across a myriad of practice areas, including data privacy, artificial intelligence (AI), emerging companies, labor and employment, litigation, and technology, among others. Our lawyers have intricate experience with the full range of biometric privacy laws and regulations at the municipal, state, federal, and international levels. Our team includes the author of Biometric Data Privacy Compliance & Best Practices found on LexisNexis®, as well as a number of Certified Information Privacy Professionals (CIPP/US and CIPP/E). We regularly advise clients ranging from startups to Fortune 50 organizations across a wide variety of industries, including communications, financial services, health care, real estate, retail, food, eyewear, entertainment/sports, and technology.

Baker Donelson's Biometrics Team devotes significant time and resources to staying abreast of new and emerging biometric technologies introduced for commercial use. We help clients anticipate and prepare for new compliance requirements and legal and regulatory changes by studying recent legal decisions impacting the use of biometric data and monitoring legal trends, pending legislation, and other legal developments.

Our Services

  • Regulatory Compliance. We provide skilled regulatory counseling on the full range of biometrics laws in existence, including the Illinois Biometric Information Privacy Act (BIPA), Texas Capture or Use of Biometric Identifier Act (CUBI), Washington's HB 1493 biometrics law (HB 1493), Portland's private-sector facial biometrics ordinance, New York City's "commercial establishments" biometric identifier information ordinance, and the New York City Tenant Data Privacy Act (TDPA). We also advise clients on the use of biometric data so that they are in compliance with emerging U.S. state privacy laws and the EU General Data Protection Regulation (GDPR). In addition, we provide guidance on regulatory compliance pertaining to the Federal Trade Commission's (FTC) increased focus on policing commercial biometrics practices, especially with respect to facial biometrics.
     
  • Proactive Risk Management and Strategy Development. We advise clients on how to manage and mitigate the growing legal risks that arise when using biometric data, such as data retention and destruction best practices, class action litigation readiness, employee training, and internal policies and procedures. We also advise on novel and challenging liability stemming from unique issues such as marketing materials and potential mass arbitration.
     
  • Product Counseling. We counsel clients as they bring new biometrics-powered products and services to the market. As product counsel, we work closely with clients' business and legal teams in the development and launch of new products and services. We also continue to provide ongoing advice and support in connection with new legal obligations and other relevant developments throughout the product lifecycle.
     
  • Compliance Program Development. We partner with clients to proactively manage risk through the development of comprehensive, enterprise-wide biometric privacy compliance programs for all types of technologies and forms of data. We also work with clients to strengthen and enhance existing biometrics compliance programs by completing audits of current programs; developing remediation plans to address and eliminate compliance gaps; preparing modifications and updates to organizational privacy policies, notices, and consents pursuant to such remediation plans; and advising on the development and implementation of additional practical measures to facilitate ongoing compliance with future biometric privacy laws.
     
  • Policies, Procedures, and Related Disclosures. We regularly develop detailed, complex online biometrics disclosures, including biometrics-specific privacy policy language, notice and consent clickwrap language, terms and conditions, online arbitration provisions, and class action waivers. We also advise on the design, layout, appearance, and content of clickwrap agreements for all types of online contracts to ensure enforceability against customers and other website visitors. We conduct compliance audits and gap analyses of online privacy policies, notices, consents, and related biometrics-specific disclosures, as well as the remedial modifications and updates necessary to achieve compliance.
     
  • Technology Transactions. We draft and negotiate complex multiparty technology contracts involving biometric data use and related biometric privacy considerations, including SaaS agreements and license agreements, as well as a variety of other privacy-related contracts. We also provide guidance and counseling on items such as benchmarked considerations to clients involved in negotiating technology contracts that implicate biometric technologies and/or biometric data, as well as guidance on existing agreements implicating biometrics.
     
  • Class Action Defense. We have deep experience in litigating biometric privacy (and other types of privacy) class action disputes, including successfully defending complex, bet-the-company BIPA class action lawsuits.
  • Compliance & Risk Management Counseling - Technology

  • Assisted two facial biometrics technology developers in preparing consumer-facing materials addressing the most common and significant misconceptions regarding facial recognition solutions.

  • Advised multiple facial biometrics identity verification technology developers on global expansion strategies pertaining to entrance into the U.S. gaming market to provide age and identity verification solutions to sports betting, internet gaming, and fantasy contest operators.

  • Advised a national video market platform developer on biometric privacy compliance and risk mitigation issues in connection with the implementation of new facial and voice biometrics product tools, including: face enhancement feature, AI video face detection feature utilizing human skeleton models and facial landmarks, AI speaker diarization feature, and AI video classification feature.

  • Completed a comprehensive biometric privacy risk analysis of one of world's largest building technology, software, and services entity's AI facial biometrics customer demographics software solution; advised on biometric privacy compliance and risk mitigation strategies during the design phase of software solution.

  • Drafted an end user license agreement (EULA) and related biometric technology contracts for AI-driven facial biometrics access control technology developer.

  • Advised a voice biometrics digital identity assurance software company during negotiation of a SaaS agreement with financial institution customer pertaining to voice biometrics customer call center service platform.

  • Compliance & Risk Management Counseling - Manufacturing

  • Advised a global automobile manufacturer on biometric privacy compliance and risk mitigation issues in connection with the implementation of a keyless facial biometrics vehicle access control feature.

  • Advised a global chemical products manufacturer and distributor on biometric privacy compliance and risk mitigation issues in connection with the implementation of a fingerprint identity verification system at U.S. facilities for the purpose of compliance with the U.S. Coast Guard Transportation Worker Identification Credential (TWIC) Reader Rule.

  • Compliance & Risk Management Counseling - Financial Services

  • Prepared online terms of use for a national financial institution regarding mobile app facial and fingerprint biometrics multifactor authentication features.

  • Advised a financial institution during the negotiation of SaaS agreement with a biometrics technology software vendor pertaining to a voice biometrics customer call center service platform.

  • Compliance & Risk Management Counseling - Food/Retail

  • Developed enterprise-wide biometric privacy compliance programs for a national online eyewear retailer, multiple national cosmetics retailers, an ignition interlock device (car breathalyzer) manufacturer, multiple national financial institutions, and a national linen provider.

  • Conducted comprehensive audits and risk analyses of several international and national cosmetic and eyewear brands' biometric privacy programs pertaining to the use of facial biometrics online virtual try-on (VTO) tools, developed remediation plans to eliminate compliance gaps, and advised on measures to facilitate ongoing legal compliance.

  • Advised a national eyewear retailer on biometric privacy- and intellectual property-related compliance and risk mitigation issues pertaining to the implementation of an open source software as part of an in-store eyewear VTO tool offered at physical retail store locations.

  • Advised national eyewear retailer on biometric privacy legal and liability exposure risks stemming from marketing materials touting benefits of next-generation facial biometrics online VTO technology.

  • Provided ongoing advice and guidance to the world's largest multinational eyewear retailer on biometric privacy legal risks, liability exposure, and related issues following the initial rollout of the enhanced facial biometrics online eyewear VTO tool.

  • Drafted and negotiated a complex facial biometrics online eyewear VTO tool platform SaaS agreement and a DPA between a national eyewear retailer and a leading beauty facial biometrics VTO technology developer.

  • Conducted an audit of a national fresh salad producer's use of employee fingerprint time and attendance system and advised on strategic measures for addressing compliance gaps and achieving compliance with current and future biometric privacy laws.

  • Advised a national convenience store and gas station chain on biometric privacy compliance and risk mitigation issues in connection with the implementation of facial biometrics and AI frictionless checkout systems in physical store locations.

  • Advised a multinational pizza chain on the scope of legal obligations and associated risks under global biometric privacy laws and related emerging U.S. privacy laws governing the collection and use of sensitive biometric data; provided guidance on biometric privacy legislative proposals and potential implications on compliance obligations and associated risks.

  • Advised a major consumer-to-consumer (C2C) online marketplace during the re-negotiation of a vendor agreement with facial biometrics selfie ID identity verification provider.

  • Advised multiple clients on BIPA and associated biometric privacy legal risks pertaining to the use of in-store video customer engagement analytics solutions to evaluate customer behavior and interactions in retail stores and measuring the impact of the same on business outcomes.

  • Compliance & Risk Management Counseling - Other Industry Sectors

  • Prepared a comprehensive suite of internal biometric privacy policies for a national security firm in connection with a fingerprint employee access control system; advised on the implementation of internal biometrics policies to achieve compliance.

  • Advised a leading multifamily real estate company on compliance obligations pertaining to the use of a selfie ID facial biometrics identity verification solution.

  • Advised a professional NFL franchise on biometric privacy compliance and risk mitigation issues in connection with the implementation of facial biometrics security and access control system at their home venue.

  • Class Action Litigation Defense

  • Obtained a voluntary dismissal of a national eyewear retailer in putative BIPA class action involving facial biometrics online eyewear VTO tool within 48 hours of being retained to defend the matter.

  • Obtained a voluntary dismissal of a national eyewear retailer in second putative BIPA class action involving facial biometrics online eyewear VTO tool prior to service being attempted by opposing counsel.

  • Obtained voluntary dismissal of an international cosmetics company in putative BIPA class action involving facial biometrics online cosmetics VTO tool by informally educating opposing counsel on the applicability of arbitration defense, prompting opposing counsel to dismiss action without the need to engage in any motion practice.

  • Obtained dispositive dismissal of national party store chain in putative BIPA class action involving employee fingerprint time and attendance system.

  • Represented aerospace turbine manufacturer in two putative BIPA class actions involving fingerprint time and attendance system.

Email Disclaimer

NOTICE: The mailing of this email is not intended to create, and receipt of it does not constitute an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.
Cancel Accept