Although biometric technologies make the authentication experience easier, the actual collection and storage of the data is presenting new security risks.
In EU use of biometric data now is now regulated by General Data Protection Regulation (GDPR). In the US, state regulators have reacted to these growing concerns around biometric data by enacting or proposing legislation. The Illinois Supreme Court reversed the lower court rulings and ruled that Six Flags had violated BIPA. Massachusetts, New York, and Michigan all have privacy bills in development that have similar requirements to BIPA, and more states are likely to consider drafting laws governing the collection, usage, and storage of biometric data.