FTC Biometric Data Policy Statement

Litigation partner Justin Kay authored an article for Reuter’s Practical Law the Journal to examine the Federal Trade Commission’s (FTC’s) Biometric Data Policy Statement and enforcement actions, including those involving Rite Aid, Everalbum, and Facebook, and best practices for organizations to meet biometric data privacy guidelines and requirements.

In the article, Kay outlines the FTC’s position regarding biometric data privacy requirements to help organizations adapt to an evolving compliance risk landscape and discusses the FTC’s authority under the FTC Act to regulate biometric data collection, use, storage, and disclosure; how the FTC has addressed biometric data privacy issues; the particular consumer risks for biometric technologies that the FTC has identified and that businesses should address as part of their risk assessment and mitigation measures; the types of biometric data practices that the FTC specifically states that it will scrutinize for FTC Act Section 5 enforcement; the FTC’s December 2023 enforcement action against Rite Aid for using automated decision-making technology relying on biometric data without reasonable safeguards; and best practices for businesses to manage current and future biometric data privacy compliance requirements.

The full article is available to Reuters subscribers.