Your face is a work of art.
Your face is also a marketable product that will feed an Orwellian database of biometrics that will in turn distill any and all meaningful human features and identifiers into datapoints that will be monitored and marketed by a faceless, digital empire.
At least that’s how Texas law sees things.
This week, Google’s new Arts and Culture app made headlines not just for its ability to match a selfie with a (vaguely) analogous portrait, but also for its inability to work in Texas and Illinois because of privacy laws.
Passed in 2009, Texas’ privacy law prohibits the use of any biometric – digital impressions and recordings of someone’s fingerprints, iris, retina, voice, hand or face – from being sold unless a person consents to do so. Violating the law is punishable by a $25,000 fine.
So far, Google and its parent company Alphabet have been pretty quiet about the situation. That could be because the tech giant is currently involved in a lawsuit over Illinois’ law. KUT reached out to Google for a response on this story, but has not yet heard back.
Sean McCleskey, a privacy attorney who works at UT-Austin’s Center for Identity, says that in blocking the face-to-art-matching feature, it’s likely that Google wanted to err on the side of caution, adding that the entire ordeal highlights an intrinsic issue with regulating technology.
“Sometimes law takes a while to catch up with technology, that’s the reality of it.”
As gears grind in the legislative process, McCleskey says, technology marches onward, more or less. But now, he says, there’s a trend toward regulating the collection of biometrics, and Texas and Illinois are ahead of the curve in getting laws on the books.
“I think that these two states were a little bit forward-thinking in trying to make sure that, if we’re going to use this type of information, we also need to secure… the use of these biometrics," he says.
Oddly enough, Texas' law is more akin to the European Union’s General Data Protection Regulation (GDPR) – a regulatory overhaul of EU data regulation standards that was OK’d in 2016 and will go into effect in May.
McCleskey says the attitude in the rest of the U.S. – save Washington state, which also has a (less stringent) biometric privacy law – is pretty cavalier compared to Europe.
“You give up your data and you don’t really know where it goes,” he says. “They might tell you in the privacy statement, but does anybody really read those things?”
But, when the EU’s laws go into effect in May, McCleskey says U.S. companies like Google will have to completely rethink how they handle consumer data and the bedeviled details in all those unread consent agreements. If they don't, they’ll face penalties like they do in Texas and Illinois – but on a continental scale.
That deterrent could change the way companies handle data stateside, as well.
"I do think that you’re going to start to see a shift where organizations are going to start to think, how do we use data and what kind of consent are we getting? Is it so-so consent or is it really explicit consent that we’re getting from people to use their data?" he says. "I think that’s a change you’re going to see. Hopefully, I think that’s a change you’re going to see."
Still, if you're in Texas or Illinois and you absolutely need to see which portrait (again, vaguely) resembles you, there are ways to get around Google's blocking. You can turn off your location services on the app or use a VPN to mask your location. Or – if you're desperate – go (kind of) old-school, and have a pal from out-of-state else to run your picture through the app.