Friday, February 3, 2017
In a recent case, the video game publisher 2K recently won the right to collect and store gamers biometric data (in this case, face scans) indefinitely. The face scanning technology is used in at least two of its NBA series games to allow gamers to create "personalized virtual basketball players".
Plaintiffs agreed to allow them to do so when they agreed to the company’s terms and conditions. The plaintiffs didn’t dispute that they had agreed to the terms or that they had consented to having their faces scanned; their objection was that they did not know that the scans would be stored “indefinitely” and that 2K could share the biometric data. The court ruled that there was no harm under the Illinois Biometric Information Privacy Act. The focus was not on contractual assent to the terms and conditions. But this made me wonder, given how unobtrusive most terms and conditions are, and how easy it is to "manifest assent," shouldn't there be more stringent assent requirements when it comes to consent with respect to certain terms (such as the permanent storage and sharing of biometric data)? Isn't it time we moved past the notion of blanket assent?
As more companies move toward biometric data for a wide range of reasons, we’re likely to see more problems with too-easy consent and wrap contracts.