Deploying advanced technology without a thorough understanding of the associated risks and privacy implications can result in potential liability and litigation. (Credit: desdemona72/Adobe Stock) Deploying advanced technology without a thorough understanding of the associated risks and privacy implications can result in potential liability and litigation. (Credit: desdemona72/Adobe Stock)

Technology impacts every aspect of our lives. From social media to biometrics or the use of artificial intelligence, the world is changing at an astounding rate.

The use of innovative technology also is raising increasing concerns about the privacy risks associated with the use of pixels and biometric data. The right to privacy is a crucial area where technology and the law intersect, and it has become a growing concern for consumers, employees and business partners.

Governments worldwide are taking steps to protect privacy rights, which has led to new exposures for businesses. Deploying advanced technology without a thorough understanding of the associated risks and privacy implications can result in potential liability and litigation.

The power & risk of the pixel

Pixels are one piece of technology currently under scrutiny. Small pieces of code that can be added to websites to track user data, pixels enable businesses to collect information about users’ online activities, which can then be utilized for targeted advertising. Businesses are required to disclose the use of pixels, inform users of the specific data collected, and provide an opt-out option.

One of the most widely used pixels comes from Meta, the parent company of Facebook and Instagram. The misuse of pixels can result in the unauthorized collection of sensitive and personal data, leading to privacy breaches and potential harm to individuals. A series of class-action lawsuits have already been filed against Meta, hospitals, and healthcare networks alleging the collection of confidential patient health information protected under the Health Insurance Portability and Accountability Act (HIPAA). The good news is there are steps companies can take to help protect customer data and minimize their liability risk, including:

Ensure compliance with privacy policies and correct pixel usage. Communicate with C-suite executives and legal about pixel use strategy. Obtain adequate cyber insurance.

Biometric data risk

There are also growing risks associated with the collection and use of biometric data. Biometrics, such as fingerprint and facial recognition, offer quick and convenient identification methods. However, the use of biometrics also raises legal risks. Companies using biometrics must obtain clear written consent from individuals and have transparent policies on data storage, protection and disposal. Answering a few key questions can help organizations ensure compliant biometrics use. These questions include:

  • What happens to the data after it has been collected?
  • How are customers or employees notified that biometric data is being collected?
  • How is the company protected against potential privacy claims?

Insurance implications

Because cyber policies cover third-party privacy liability as well as regulatory proceedings, each insurer’s policy must be evaluated to determine if coverage is included for pixel or biometric-related claims. Coverage arising out of pixel or biometric use is not affirmatively provided, so careful reading of insuring agreements, definitions, and exclusions is required. If coverage is in doubt, the agent or broker should contact the insurer to affirm their position of coverage. Some cyber insurers specifically exclude any wrongful collection of data by endorsement or by adding a specific pixel or code tracking exclusion to any risk where pixel ad tech is detected, nullifying any coverage.

As with the pixel issue, underwriters are also taking a closer look at the biometrics exposure and responding accordingly by adding Biometric Data exclusions on all policies or considering the exposure only if the insured can acceptably answer their questions. If the policy has a wrongful collection of data exclusion, it is likely the scope of such an exclusion would also proscribe any coverage for biometric claims.

The bottom line

While technology brings new opportunities, it also poses new risks. Businesses must adapt their strategies to address emerging technological exposures and protect themselves from potential liabilities. Communication between marketing teams and company leadership is crucial, and corporate policies should be established to evaluate and approve the use of pixels and biometrics. Obtaining adequate insurance coverage is also key to protecting against privacy claims. Partnering with knowledgeable insurance brokers can help companies find suitable cyber coverage to mitigate these risks and ensure the protection of customer data.

This is an abridged version of an article that first published on the CRC Group website. It is reproduced here with permission.

Mike Edmonds is an Assistant Vice President with CRC Group’s Seattle office where he specializes in Cyber & Technology, E&O, Healthcare, and Management Liability as part of the Seattle ExecPro Team.

Mark Smith is Senior Vice President and a Professional Liability Broker with CRC Group’s Seattle office. He is an active member of the ExecPro Practice Group and a member of the Cyber Specialty Team.

See also: