Data Privacy Detective Podcast Episode 37 - Catching Serial Killers, Employee Biometrics, Tracking and Personal Data Privacy

June 10, 2019
Data Privacy Detective Podcast

What do serial killers, employees who don’t want their fingerprints shared and a U.S. Senator have in common? Data privacy. In this podcast, Victoria Beckman, Co-Chair of Frost Brown Todd’s Privacy and Data Security Team, discusses this and other news.

The California Golden State Killer was arrested in 2018 after being accused of murders, rapes and burglaries during the 1970s and 1980s. DNA evidence stored in cold case files was linked to the genetic profile of one of the suspected assailant’s relatives in GEDmatch, an online genealogy database. Law enforcement was able to match his DNA by following the branches of his family tree after GEDmatch provided information voluntarily to law enforcement. GEDmatch was the first consumer genetics database to announce publicly that it cooperated with law enforcement without a warrant.

The 2019 news is that GEDmatch revised its privacy policy to allow warrantless law enforcement access to its database only if those whose DNA is in question agree to this. The new opt-in policy has been criticized by many. But the trend is to require “opt-in” permission by customers as to sensitive data like DNA. Advocates for crime solving urge users to opt-in to the use of DNA for law enforcement purposes. That raises a question – would a serial killer be likely to opt-in to sharing DNA for this purpose?

An Australian case resolved the clash of interest between employee privacy and employer rights in favor of privacy. An Australian man was fired after refusing to provide biometric data through a fingerprint scanner used for all employees to sign in and out of work. The company won at the initial stage, but the fired employee won on appeal, based on a finding that firing him for refusing to provide his fingerprints violated his privacy rights and so was unjust. Believed to be the first Australian case to decide whether employer rights or privacy laws take precedence, the pro-privacy outcome is based on the principle that a person owns his or her biometric data (here fingerprints) and cannot be forced to share it with an employer, even though the employer was not singling out the individual for this purpose and had an understandable reason to request it.

U.S. Senator Josh Hawley (R.Mo.) introduced the Do Not Track Act. If approved federally, it would create a nationally applicable right for individuals to control the use of personal data similar to the national Do Not Call registry. Senator Hawley opposes “creepy surveillance tactics” by big data companies. The bill would penalize companies that collect secondary datasets from consumers who opt out of such tracking $1,000 per day per person if total damages exceed $100,000; if the company collects data unknowingly it would owe $50 per day per person.

For further details and links about these and other developments – Frost Brown Todd's Privacy and Data Security Update, May 27, 2019

If you have ideas for more interviews or stories, please email