How Pixels and Biometrics Lead to Privacy Claims

Technology impacts every aspect of our lives. From social media to biometrics to the use of artificial intelligence, the world is changing at an astounding rate. And the use of innovative technology is also raising increasing concerns about the privacy risks associated with the use of tracking pixels and biometric data. The right to privacy is a crucial area where technology and the law intersect, and it has become a growing concern for consumers, employees, and businesses.

Governments worldwide are taking steps to protect privacy rights, which has led to new exposures for businesses. Deploying advanced technology without a thorough understanding of the associated risks and privacy implications can result in potential liability and litigation.

The Power and Risk of the Pixel

Tracking pixels are one piece of technology currently under scrutiny. Small snippets of code that can be added to websites to track user behavior, pixels enable businesses to collect information about users’ online activities, which can then be utilized for targeted advertising. Businesses are required to disclose the use of pixels, inform users of the specific data collected, and provide an opt-out option.

One of the most widely used pixels comes from Meta, the parent company of Facebook and Instagram.

The misuse of tracking pixels can result in the unauthorized collection of sensitive and personal data, leading to privacy breaches and potential harm to individuals. A series of class-action lawsuits have already been filed against Meta, hospitals, and healthcare networks alleging the collection of confidential patient health information protected under the Health Insurance Portability and Accountability Act (HIPAA). The good news is there are steps companies can take to help protect customer data and minimize their liability risk, including:

• Ensure compliance with privacy policies and correct pixel usage
• Communicate with C-suite executives and legal about pixel use strategy
• Obtain adequate cyber insurance

Biometric Data Risk

There are also growing risks associated with the collection and use of biometric data. Biometrics, such as fingerprint and facial recognition, offer quick and convenient identification methods. However, the use of biometrics also raises legal risks. Companies using biometrics must obtain clear written consent from individuals and have transparent policies on data storage, protection, and disposal. Answering a few key questions can help organizations ensure compliant biometrics use. These questions include:

• What happens to the data after it has been collected?
• How are customers or employees notified that biometric data is being collected?
• How is the company protected against potential privacy claims?

Insurance Implications

Because cyber insurance policies cover third-party privacy liability as well as regulatory proceedings, each insurer’s policy must be evaluated to determine whether coverage is included for pixel- or biometrics-related claims. Coverage arising out of pixel or biometrics use is not affirmatively provided, so careful reading of insuring agreements, definitions, and exclusions is required. If coverage is in doubt, the agent or broker should contact the insurer to affirm their position of coverage. Some cyber insurers specifically exclude any wrongful collection of data by endorsement or by adding a specific pixel or code tracking exclusion to any risk where pixel ad tech is detected, nullifying any coverage.

As with the pixel issue, underwriters are also taking a closer look at the biometrics exposure and responding accordingly by adding biometric data exclusions on all policies or considering the exposure only if the insured can acceptably answer their questions. If the policy has a wrongful collection of data exclusion, the scope of that exclusion will likely also proscribe any coverage for biometric claims.

The Bottom Line

While technology brings new opportunities, it also poses new risks. Businesses must adapt their strategies to address emerging technological exposures and protect themselves from potential liabilities. Communication between marketing teams and company leadership is crucial, and corporate policies should be established to evaluate and approve the use of tracking pixels and biometrics. Obtaining adequate insurance coverage is also key to protecting against privacy claims. Partnering with knowledgeable insurance brokers can help companies find suitable cyber coverage to mitigate these risks and ensure the protection of customer data.

This is an abridged version of an article that first published on the CRC Group website. It is reproduced here with permission.

Mike Edmonds is an assistant vice president with CRC Group’s Seattle office, where he specializes in cyber and technology, E&O, healthcare, and management liability as part of the Seattle ExecPro Team.

Mark Smith is a senior vice president and a professional liability broker with CRC Group’s Seattle office. He is an active member of the ExecPro Practice Group and a member of the cyber specialty team.

From: PropertyCasualty360