Patchwork: Addressing Inconsistencies in Biometric Privacy Regulation

The current patchwork of legislation in the US regarding the use and collection of biometric data is inadequate due to lack of uniformity in definitions of biometric identifiers, the value-exchange offered for consent, difficulty in defining privacy harms for private rights of action, and the lack of means to erase collected data. Congress should adopt a federal law introducing unifying principles for businesses and consumers alike. From these rights, the core principle of control and the right to delete data can grant greater autonomy over individuals' uniquely sensitive biometric information that the current systems in place are failing to protect. Firms would not be able to freely share and match this information resulting in ad-campaigns and automatic fines for littering. Moreover, this individual would have a right to demand that the company delete information collected about them and sue if said statute recognized a private right of action with a specific privacy harm outlined. This would grant the individual much more control and provide companies with a consistent framework that sets expectations and greater obligations upon collection and use of an individual's biometric information.