Tsaaro Weekly Privacy Newsletter
29th July, 2022

Biometrics and Privacy Lawsuits

In simple terms, biometrics can be defined as a system for measuring an individual’s physical and behavioral attributes, which are used as an authentication tool (and maybe even a surveillance tool!). Biometrics are unique to an individual and a stronger method of identity verification than other methods such as password, PIN, or OTP (one-time password) verification, as they cannot be duplicated or hacked.

Connection between Privacy and Biometrics 

Biometrics is no panacea and is prone to privacy risks. The main privacy challenges that biometrics faces as an identification tool are discussed briefly below.

  1. Function Creep: This problem occurs when the biometric data collected is used for additional purposes for which consent was not obtained.
  2. Covert Collection/No Consent: The secret or passive gathering of people’s biometric data without their awareness, involvement, or agreement poses another privacy danger. For instance, latent fingerprints may be retrieved to gather biometric data long after a person has made contact with a hard surface, and facial biometric data can be obtained from images that people are unaware are being taken.
  3. Dehumanizing effect: Reducing a person’s distinctive and natural biological traits to a blueprint might affect how they establish a self-identity and how they connect to everyone else, and it can be regarded as inhumane.

Other, more general aspects of privacy are also put in jeopardy by biometrics. For instance, the use of biometrics for tracking or surveillance purposes can violate people’s right to territorial privacy. Similarly, gathering biometric data like DNA samples may affect a person’s right to personal space.

Now that it is understood how biometrics can infringe privacy, some legal developments in the form of Biometrics Privacy Lawsuits are discussed below.  

  1. Rosenbach v. Six Flags Entertainment Corporation: The mother of a fourteen-year-old filed a lawsuit against Six Flags Entertainment Corporation under the Illinois Biometric Information Privacy Act (BIPA). The plaintiff claimed that the amusement park improperly collected, used, and stored her son’s fingerprint template without first getting her express permission and without adequately disclosing the company’s business practices in this regard. Six Flags, the defendant, claimed that because the plaintiff had not established an “actual injury,” she was not an “aggrieved party” for the purposes of BIPA. The request was rejected. The defendant then filed a motion for review. Whether a person who had merely experienced a breach of the BIPA notice and consent procedures could be considered “aggrieved” was one of the issues the district court raised for appellate review. The Illinois Appellate Court rejected both of the issues on appeal. The Illinois Supreme Court will now hear the case.
  2. Walton v. Roosevelt University: The Illinois Appellate Court held, in accordance with a number of federal rulings, that the Labor Management Relations Act (LMRA) preempts claims made under the Illinois Biometric Information Privacy Act (BIPA). In Walton v. Roosevelt University, the petitioner, an employee, sued his employer, claiming that Roosevelt University had obliged him to scan his hand into a biometric device when signing in and out of work without receiving his explicit written permission. He additionally claimed that the University had unintentionally supplied his biometric information to a third-party payment firm. The complainant wished to represent all workers in a comparable situation. The University filed a motion for dismissal, claiming that BIPA was superseded by the LMRA since the claimant was covered by a collective bargaining agreement with a “management rights” clause. The trial court rejected the defendant’s request to dismiss, but it did certify for review the issue of whether the plaintiff’s claims were precluded by the LMRA. The Illinois Appellate Court ruled in favor of the University, declaring that the LMRA preempted the claimant’s arguments.
  3. Bryant v. Compass Group: Bryant worked for a company in Illinois that featured a cafeteria with Compass-owned vending machines. The machines did not accept cash; instead, a user had to set up an account using her fingerprint. According to the Illinois Biometric Information Privacy Act (BIPA), fingerprints are “biometric identifiers.” Compass neglected to notify Bryant in writing that her biometric data was being collected or retained, or of the precise reason and duration for which her fingerprint was being collected, preserved, and used, nor did it acquire Bryant’s written approval to capture and use her fingerprint. This was an infringement of BIPA because Compass never made a retention policy or a plan for destroying the data after collecting it. Bryant filed a class action in court. The district court determined that Bryant suffered no actual injury as a result of Compass’s asserted breaches, which were only procedural infractions. The Seventh Circuit ruled differently: failure to adhere to BIPA results in a specific and particularized breach of personal rights.

Conclusion 

Privacy advocacy groups have questioned the legitimacy of several biometric data gathering methods as a result of corporations employing biometric identification at the workplace, such as fingerprints, facial identification software, and iris scans. While technological innovation could make the workplace more effective, data privacy concerns must be addressed to safeguard people from incidents of biometric information abuse, data breaches, and identification fraud.

Major Privacy Updates of the Week

CISA Signs Cybersecurity Cooperation Agreement with Ukraine

The Cybersecurity and Infrastructure Security Agency has agreed to expand collaboration with the technical security and intelligence service of Ukraine to boost the two nations’ cybersecurity capabilities. CISA signed a memorandum of cooperation with the Ukrainian State Service of Special Communications and Information Protection of Ukraine and committed to strengthening the sharing of information and best practices on cyber incidents with the agency. The partnership will also conduct critical infrastructure security technical exchanges and joint cybersecurity training and exercises. 

Volkswagen fined $1.1M by German state data protection commission for GDPR violations

The State Commissioner for Data Protection of Lower Saxony has imposed a fine of 1.1 million euros on Volkswagen pursuant to Article 83 of the General Data Protection Regulation (GDPR). This is due to data protection violations in connection with the use of a service provider during research trips for a driver assistance system to prevent traffic accidents. The company cooperated comprehensively with the Authority and accepted the fine notice. 

Spanish Police Arrest 2 Nuclear Power Workers for Cyberattacking the Radiation Alert System

Spanish law enforcement officials have announced the arrest of two individuals in connection with a cyberattack on the country’s radioactivity alert network (RAR), which took place between March and June 2021. The act of sabotage is said to have disabled more than one-third of the sensors that are maintained by the Directorate-General for Civil Protection and Emergencies (DGPCE). 

Evidence found that EU commissioner’s phone hacked

An EU investigation has found evidence that the phones of senior officials were hacked using the Pegasus spyware by the Israeli firm NSO, which has several back-office entities in Luxembourg. In a letter shared with news agency Reuters by Sophie in ‘t Veld, a member of the European Parliament, EU justice commissioner Didier Reynders says Apple told him in 2021 that his phone had possibly been hacked. An inspection of Reynders’ devices and phones by other European Commission employees found “indicators of compromise”, meaning that there is no conclusive proof of a breach but that evidence exists showing a hack occurred.

Russia fines Google $34 million for breaching competition rules

Russia’s competition watchdog fined Google two billion rubles (about $34 million) for violating fair competition rules. Moscow has lately been taking an assertive stance against international tech giants. This fine is only one of many multi-million-dollar fines imposed on Google and other tech companies. Earlier this month, Russia fined Google an unprecedented 21 billion rubles (over $387 million) for failing to remove “illegal content” from YouTube, which remains a key platform for “spreading fakes” about what Russia calls a special operation in Ukraine.

Curated by: Prajwala D Dinesh, Ritwik Tiwari, Ayush Sahay
