Identity News Digest – June 10, 2024

Welcome to FindBiometrics’ digest of identity industry news. Here’s what you need to know about the world of digital identity and biometrics today:

Minnesota Gets Its Own Comprehensive Data Privacy Act

Minnesota Governor Tim Walz has signed HF 4757 into law, enacting the Minnesota Consumer Data Privacy Act, which will take effect on July 31, 2025. This comprehensive data privacy legislation includes specific provisions for biometrics, prohibiting the processing of biometric or genetic data to uniquely identify an individual without their consent. The Act defines such data as “sensitive” alongside information like racial or ethnic origin, religious beliefs, health conditions, sexual orientation, and specific geolocation data. It applies to businesses operating in Minnesota or targeting Minnesota residents if they handle the personal data of at least 100,000 consumers or derive significant revenue from selling personal data. Enforcement lies exclusively with the Attorney General, who can impose civil penalties of up to $7,500 per violation, with a 30-day grace period until January 31, 2026, for businesses to rectify violations.

DHS Moves to Boost Biometric Border Funding with Proposed Rule Change

The Department of Homeland Security (DHS) is proposing a rule change to the 9-11 Biometric Fee, which affects large companies with numerous H-1B or L-1 visa employees. The proposed amendment clarifies that companies must pay the fee not only for new hires and when employees switch employers, but also when extending an employee’s stay. The fee supports the implementation and maintenance of DHS’s biometric entry-exit data system, which enhances national security by tracking non-U.S. citizens’ entry and exit using biometric data such as fingerprints and facial recognition. The proposed rule change comes after TSA head David Pekoske testified that full biometric border screening implementation across all U.S. airports would be delayed until 2049 without increased funding.

OnlyFans Affiliate Dodges BIPA Lawsuit

A judge has dismissed a class action lawsuit under Illinois’ Biometric Information Privacy Act (BIPA) and the Illinois Right of Publicity Act (IRPA) against Fenix Internet, LLC, an affiliate of OnlyFans. In Jane Doe et al. v. Fenix Internet, LLC, the plaintiffs accused Fenix Internet of improperly collecting and using biometric information through an automated age verification process. The judge granted Fenix Internet’s motion to dismiss for lack of personal jurisdiction, noting that the plaintiffs failed to demonstrate Fenix Internet’s involvement in the biometric data collection, which was managed by its UK-based parent company, Fenix International Limited.

boost.ai, Pindrop Deliver Voice Authentication and Interaction to Credit Unions

Conversational AI provider boost.ai has announced new partnerships with Credit Union of Colorado and Desert Financial Credit Union (DFCU), alongside a strategic collaboration with voice security solutions provider Pindrop. As part of its U.S. market expansion, boost.ai has opened a new office in Boston to support its growing network of U.S.-based customers and partnerships, including Michigan State University Federal Credit Union and Fort Community Credit Union. The partnership with DFCU integrates boost.ai’s IVR-capable virtual agent with Pindrop’s Deep Voice biometric engine to authenticate callers within three to five seconds, enhancing security and user experience. The virtual agent, named “Dee,” has already saved 42 hours of agent time in its first week, equivalent to the workload of three full-time employees.

Amazon Illegally Sold Facial Recognition to Russia, Claims Former Employee

Charles Forrest, a former Amazon Web Services (AWS) employee, has accused the company of violating UK sanctions by supplying facial recognition technology to Russia after its invasion of Ukraine. Forrest presented these allegations during a preliminary hearing at a London employment tribunal, claiming that AWS sold its Rekognition technology to Russian state security services through a shell company in the Netherlands. He alleged that his dismissal from AWS was a result of raising these concerns and other issues from November 2022 to May 2023. AWS has denied these accusations, stating Forrest was dismissed for gross misconduct due to not adhering to his work responsibilities. Amazon emphasized that it had not sold Rekognition to the Russian company VisionLabs and dismissed Forrest’s claims as lacking merit.

—

June 10, 2024 — by Tony Bitzionis and Alex Perala