alt Hacker NewsThat pertains to collecting biometric info, not end users of facial recognition services. From your link:
> The BIPA requires companies doing business in Illinois to comply with a number of requirements pertaining to the collection and storage of biometric information. These include a requirement that companies:
> Obtain consent from individuals if the company intends to collect or disclose their personal biometric identifiers.
> Destroy biometric identifiers in a timely manner.
> Securely store biometric identifiers.[6]
> A key area of focus is that an entity must use a "reasonable standard of care"[7] in managing biometric information and identifiers.
If you actually read the full text of the law, it states:
" "Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples, [...] "
So if it's just pictures of faces, then it's okay. If, however, at any point in the pipeline the actual facial geometry is calculated or stored, that might be a violation.