One of the main ones is that it enabled us to hold a company like Clearview accountable for creating a database of hundreds of millions of people's face prints without consent and selling it to private companies and law enforcement for a whole host of purposes.
We have been advocating for other states to adopt biometric privacy laws and, in particular, make changes, because the Illinois law is at this point quite old, and we have more knowledge about the technology and the risks of the technology.
Among the recommendations that we make in the context of states that were to adopt a legislation like the Illinois BIPA, one is clearly requiring companies to obtain notice and written consent before collecting, using or disclosing any person's identifier, and prohibiting companies from withholding services from people who choose not to consent, so that they're not given the choice of accessing a service versus not accessing the service if they're not willing to give up their biometrics.
We also urge that any legislation require businesses to delete biometric identifiers after one year of the individual's last interaction with a business. For example, if someone gave their biometrics to access a service and consented but no longer has a relationship with that business, the business shouldn't be able to hold on to and amass a database of these sensitive biometrics. As Mr. Israel mentioned, there's a risk of breach. We've seen instances of those, and there's no need for those private entities to hold on to those. We advocate adopting legislation like Illinois' BIPA but also updating it.