Skip to Main Content
Our Commitment to Diversity

FTC to Scrutinize Commercial Use of Biometric Information Moving Forward

Share via LinkedIn
Share via Twitter
Share via Facebook
Download PDF Version
Date: 2 June 2023
US Policy and Regulatory Alert
By: Christopher S. Finnerty, Morgan T. Nickerson, Kelly E. Bungard

On 18 May 2023, the Federal Trade Commission (FTC) released a policy statement announcing its intention to combat unfair and deceptive acts related to the collection and use of consumers’ biometric information. This comes in the wake of increased use of biometric information technologies in recent years.

What Is Biometric Information?

The term “biometric information” refers to “data that depict or describe physical, biological, or behavioral traits, characteristics, or measurements of or relating to an identified or identifiable person’s body. It includes depictions, images, descriptions, or recordings of an individual’s facial features, iris or retina, finger or handprints, voice, genetics, or characteristic movements or gestures.”This information can be used to determine characteristics of the individual, ranging from an individual’s age, gender, or ethnicity, all the way to personality traits.

How Is It Potentially Problematic?

Use of biometric information poses a substantial risk of disclosure of personal information, such as one’s healthcare information or religious affiliations. There are also increasing risks of fraud, such as impersonations via “deepfake” video recordings. Per the release, the FTC intends to look closely at a company’s use of biometric technology for:

Deception

Including “false of unsubstantiated marketing claims relating to the validity, reliability, accuracy, performance, fairness, or efficacy of technologies using biometric information” and “deceptive statements about the collection and use of biometrics information.”2

Unfairness

Which includes the use of biometric information that is not sufficiently disclosed to consumers or where “access to essential goods and services is conditioned on providing [such] information.”3 

FTC Act Section 5

Section 5 of the Federal Trade Commission Act (FTC Act) prohibits “unfair or deceptive acts or practices in or affecting commerce.”4 Under Section 5, a practice is unfair if it causes or is likely to cause substantial injury to consumers that is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or competition.Further, Section 5 requires that a company’s representations, including those about biometric information technologies, be substantiated when made—that is, those making such claims must have a reasonable basis for those claims.6

List of Factors

Determining whether a business’s use of biometric information or biometric information technology violates Section 5 of the FTC Act requires a thorough assessment of the business’s practices.7 In making such assessments of compliance, the FTC will take into account factors including, but not limited to, the following:

  • Failing to assess foreseeable harms to consumers before collecting biometric information. Prior to collecting consumers’ biometric information, or deploying a biometric information technology, businesses should conduct a holistic assessment of the potential risks to consumers associated with the collection or use;8
  • Failing to promptly address known or foreseeable risks. For instance, if there is evidence that a certain biometric information technology is susceptible to certain types of errors or biases, businesses should take appropriate proactive measures to reduce or eliminate the risk that such errors could lead to consumer injury;
  • Engaging in surreptitious and unexpected collection or use of biometric information;
  • Failing to evaluate the practices and capabilities of third parties, including affiliates, vendors, and end users, who will be given access to consumers’ biometric information;
  • Failing to provide appropriate training for employees and contractors whose job duties involve interacting with biometric information; and
  • Failing to conduct ongoing monitoring of technologies that the business develops, offers for sale, or uses in connection with biometric information to ensure that the technologies are functioning as anticipated, that users of the technology are operating it as intended, and that use of the technology is not likely to harm consumers.

What It Means

This announcement by the FTC should prompt all businesses to pause and evaluate any current usage of biometric technologies. As biometric information technologies continue to proliferate online spaces, some business organizations may have failed to address the dark sides of the tools. The FTC’s policy statement is a call for businesses to begin assessing their own practices to ensure that biometric information is being used in a proper manner.

FTC, Policy Statement of the Federal Trade Commission on Biometric Information and Section 5 of the Federal Trade Commission Act, May 18, 2023, available at: https://www.ftc.gov/system/files/ftc_gov/pdf/p225402biometricpolicystatement.pdf.

Id.

Id.

15 U.S.C. § 45(n).

See Letter from the FTC to Hon. Wendell Ford & Hon. John Danforth, Ranking Minority Member, S. Comm. on Com., Sci. & Transp., Consumer Subcomm., Comm’n Statement of Pol’y on the Scope of Consumer Unfairness Jurisdiction (Dec. 17, 1980), reprinted in In re Int’l Harvester Co., 104 F.T.C. 949, 1070, 1073 (1984).

See, e.g., FTC Policy Statement Regarding Advertising Substantiation, appended to In re Thompson Med. Co., Inc., 104 F.T.C. 648, 839 (1984), aff’d, 791 F.2d 189 (D.C. Cir. 1986).

FTC, Policy Statement of the Federal Trade Commission on Biometric Information and Section 5 of the Federal Trade Commission Act, May 18, 2023, available at: https://www.ftc.gov/system/files/ftc_gov/pdf/p225402biometricpolicystatement.pdf.

See, e.g., Complaint, In re Lenovo, Inc., FTC File No. 1523134 (Dec. 20, 2017) (alleging that respondent’s failure to take reasonable measures to assess and address security risks created by third-party software it installed on laptops it offered to consumers was an unfair practice).

Christopher S. Finnerty
Christopher S. Finnerty
Boston
Morgan T. Nickerson
Morgan T. Nickerson
Boston
Kelly E. Bungard
Kelly E. Bungard
Boston

This publication/newsletter is for informational purposes and does not contain or convey legal advice. The information herein should not be used or relied upon in regard to any particular facts or circumstances without first consulting a lawyer. Any views expressed herein are those of the author(s) and not necessarily those of the law firm's clients.

Find more items tagged as: Artificial Intelligence, Consumer Products, Navigating the AI Revolution, Policy and Regulatory, Technology
Return to top of page

Email Disclaimer

We welcome your email, but please understand that if you are not already a client of K&L Gates LLP, we cannot represent you until we confirm that doing so would not create a conflict of interest and is otherwise consistent with the policies of our firm. Accordingly, please do not include any confidential information until we verify that the firm is in a position to represent you and our engagement is confirmed in a letter. Prior to that time, there is no assurance that information you send us will be maintained as confidential. Thank you for your consideration.

Accept Cancel