AI - August 28, 2025

States Crack Down on Facial Recognition: Battling Tech Companies for Biometric Privacy Rights

The proliferation of biometric data collection by tech companies is facing increased scrutiny, as 23 states have enacted or expanded laws to regulate the unauthorized scraping of sensitive information such as facial and voice data.

While federal regulations on facial recognition technology remain absent, state legislatures are taking action to protect citizen privacy rights. Last month, Colorado mandated that consent be obtained before using facial or voice recognition technology, while also prohibiting the sale of biometric data. Texas passed an AI law in June, banning the collection of biometric information without permission. Last year, Oregon approved data privacy rules requiring consumers to opt-in prior to companies gathering face, eye, and voice data.

Adam Schwartz, Privacy Litigation Director at the Electronic Frontier Foundation, emphasized the need for legislation that modifies tech company behavior, stating that they will continue to profit from private information if no restrictions are implemented.

Facial recognition technology has been widely adopted by the industry, with instances of companies pulling back from its use in certain circumstances. For example, Facebook shut down its face-recognition system following a biometric privacy lawsuit in 2021. However, with advancements in AI, facial recognition technology is increasingly prevalent in various aspects of modern life, including apps and smartphones.

Professor Pete Fussey of the University of Essex highlighted the ubiquity of facial recognition technology, stating that while it offers convenience, there is no control over how biometric data is used.

States implementing these safeguards view them as a means to counteract the prevalence of digital tracking in everyday life and have been successful in extracting significant payouts from tech companies. Google and Meta each paid $1.4 billion to Texas for allegedly collecting facial recognition data without permission, while Clearview AI settled a case for $51 million over scraping billions of images online without consent.

Illinois’ biometric privacy law stands out due to its strict requirements for written consent before companies can collect biometric data, unlike most states that only require digital consent or acceptance of terms and conditions policies. Critics argue that these agreements are largely symbolic in practice, as few people read the terms of service.

“Nobody is reading these terms of service,” said Michael Karanicolas, a legal scholar at Dalhousie University. “Absolutely nobody can effectively engage with the permission we’re giving these companies in our surveillance economy.”

Illinois’ biometric privacy law allows individuals to sue companies, which advocates say tech industries have lobbied against. California and Washington state also allow residents to sue under certain circumstances. However, most laws rely on state attorneys general to enforce them, with the exception of Illinois and a few other states that grant citizens a private right of action.

Despite these safeguards, overseas companies like PimEyes, which operates as a “face search engine,” can evade regulation due to their international operations. Critics argue that PimEyes’ service enables stalking, porn performer identification, and the exposure of children’s photos. However, the company promotes its service as a tool against identity theft, deepfake pornography, copyright infringement, and catching dating app “catfishers.”

Despite a lawsuit filed by five Illinois residents seeking class-action status, PimEyes could not be served legal documents due to the company’s elusive overseas operations. The case was eventually dropped due to the unavailability of PimEyes’ CEO and other officials.

In Congress, various facial recognition bills have been proposed, including a recent one requiring the Transportation Security Administration to inform passengers of their right to opt-out of face screenings. However, these proposals have yet to progress beyond initial stages. Schwartz with the Electronic Frontier Foundation continues to advocate for a national biometric privacy law that mirrors Illinois’ protections, but faces resistance from tech companies and their lobbyists.

Recent Posts

Pentagon’s New Press Policy: Impact on Smaller Publication Coverage by Defense Secretary Pete Hegseth

U.S. Drug Cartel Strategy Echoes War on Terror Tactics: A Look at the Administration’s Blueprint

U.N. Urges Taliban to End Internet Blackout in Afghanistan: Crippling Humanitarian Crisis and Freedom of Expression at Stake

Germany Faces Existential Second China Shock as Manufacturing Sector Falters Amidst Rising Chinese Competition

Federal EV Tax Credit Deadline Sparks Record Sales Boom in July-September, but Slower Growth Expected Ahead

U.S.-Israeli Plan Outlines Conditional End to Gaza Conflict, Including Hostage Release and Hamas Disarmament

Thousands of Federal Workers Find Mixed Emotions as Buyout Program Comes to an End, Leaving Uncertain Future Ahead

American Surgeon Transforms Palestinian Woman’s Life Before US Visa Suspension

Massive Collapse at Indonesian Islamic Boarding School: Rescuers Race Against Time to Free Trapped Students as Death Toll Rises

Climate Change Impact on Ocean Rise by 2050: A Regional Perspective by NPR’s Rebecca Hersher