Biometric Data in the Days of Virtual Interaction and E-Learning

April 7, 2020
Molly Arranz
SmithAmundsen Data Privacy & Security Alert


Practice Areas


Due to COVID-19, everyone has been adjusting to daily life from home, including the youngest family members. Education is coming in the form of rapidly-developing technology that provides cybernetic classes and hangouts and the submission of coursework or “attendance” virtually. More businesses now have employees working remotely, using technology to stay in touch with co-workers and conduct meetings. However, this interfacing by schools, dance/music classes and management or team meetings may come with legal risk. The requirements of privacy laws, take, even the Illinois Biometric Information Privacy Act (BIPA) protection of “voiceprints,” are not being relaxed even in these unusual times. Any company should ask what consent and disclosures are in place before they engage in the next virtual connection.

A new class action lawsuit against Google, for use of the tech giant’s educational platform, highlights this challenge. There, a parent claims that Google violated BIPA by collecting voiceprints, facial features and other personal identifiers of children. Google is also being accused of violating the Children’s Online Privacy Protection Act (COPPA), which prohibits companies from collecting personal information from children under the age of 13 without parental consent. So while making remote working and learning resources available during this pandemic is undoubtedly necessary, companies must remember that federal and state privacy laws remain in full force.

If you are allowing for any recordings or interfacing that could involve facial or voice data, you should first: