Biometric data is integral to everyday life: it unlocks your phone with face-ID or voice recognition; it verifies your identity at work or the gym with a fingerprint or palm scan; it tags people in your social media posts; and it is increasingly being used to provide access to secure buildings, areas, or files.

As the commercial use of biometric data increases, so do concerns about the privacy, security, and control of this uniquely personal identifying information. This has prompted several states to enact or—as New Jersey has done—propose legislation that regulates the collection, use, and retention of biometric data. These legislative efforts raise myriad legal issues, including how private entities can obtain the required consent to collect, use, and store an individual’s biometric data. New Jersey’s legislative proposal (as well as other states’ existing statutes or proposals) requires formal written consent before collecting, using, or storing an individual’s biometric data. But, depending on the context, written consent may not be a realistic requirement. Assuming the benefit of using biometric technology in various applications is deemed to outweigh the potential privacy and security concerns, then it is clear that legislators should consider different forms of consent for those contexts where formal, written consent is not possible or not practical.

The Legal Landscape