◄ Back to Table of Contents

By Anaya Robinson, Senior Policy Strategist

Biometric data is our most personal — and vulnerable — data. We use it to open our phones, pay for our groceries, monitor our heart rates and learn more about our ancestry and familial connections. This technology has made our lives easier, but without proper regulation, this convenience comes at a severe cost. The ACLU of Colorado is committed to protecting data privacy. The 2024 legislative session will see new and exciting data privacy work, beginning with the proposed Biometric Identifiers Privacy Act (BIPA), a part of our Privacy and Liberty Project.

Right now, corporations have nearly unlimited power to collect, store, buy and sell biometric data. Without BIPA, they can sell and share data about an individual’s DNA, fingerprints, keystrokes, or health app data without getting consent and without ever telling the person whom the data belongs to. Corporations and governments can this sensitive information; the applications for these data products are still emerging. For example, health insurance companies can buy swaths of fitness and health app data to feed into their algorithms to determine insurance premiums. Life insurance companies can use purchased data to determine whether someone is approved for a policy. Law enforcement can buy your DNA, fingerprints and facial mapping without ever having contact with you.

BIPA would implement new data protections intended to increase transparency and consent, and reduce the risk of data misuse, nonconsensual data sharing and corporations profiting from personal data. As the ACLU of Colorado leads this fight, we’re building a strong coalition of partners to make sure that we can all maintain control over the data that comes directly from our bodies.