United States of America: Rejected Tennessee Consumer Biometric Data Protection Act (SB 0339 / HB 0932)

On 12 April 2023, the Consumer Biometric Data Protection Act (SB 0339 / HB 0932) was rejected after failing to pass before the Tennessee legislature session adjourned. The Act would have required private entities to develop a written policy establishing a retention schedule and guidelines for destroying biometric identifiers and biometric information. Further, it would have prohibited private entities from obtaining biometric information unless it first informed the individual in writing that the information was being collected or stored and its specific purposes and received written authorisation from the individual. The Act would have also established an obligation for private entities to apply a reasonable standard of care to the information. Additionally, the Act would have restricted the sale or disclosure of biometric information. Finally, the Act would have provided a right of action for data subjects.