Photo of Matthew T. Hays

Matthew Hays is an associate in Dykema’s Chicago Office and is an IAPP Certified Information Privacy Professional and registered patent attorney. Mr. Hays’s privacy and data security practice includes advising clients on issues of risk assessment, policies and procedures, corporate compliance projects, and drafting comprehensive website terms and conditions, privacy notices, and data sensitive vendor service agreements. He has also assisted clients in avoiding and addressing legal and regulatory exposure through prompt response to data security incidents. Mr. Hays has notable experience handling compliance matters related to the California Consumer Privacy Act (CCPA), the European Union General Data Protection Regulation (GDPR) and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).

Despite its unassuming name, the EARN IT Act has substantial cybersecurity implications, its relative obscurity in today’s coronavirus-obsessed headlines notwithstanding. The Eliminating Abusive and Rampant Neglect of Interactive Technologies (“EARN IT”) Act has already caught the ire of the collective internet and technology spheres due to its dramatic alteration of the safe harbor provisions of Section 230 of the Communications Decency Act (Title V of the Telecommunications Act Of 1996). Although still in the early stages of the legislative process, curbing Section 230’s protections has already garnered substantial support from leaders in both parties, including Joe Biden and Ted Cruz. Therefore, EARN IT’s progress merits close monitoring.
Continue Reading Putting in the Work: What Does the EARN IT Act Have in Store for Average Businesses

Passed in 2008, the Illinois Biometric Information Privacy Act (BIPA) regulates collection of biometric markers such as fingerprints or facial metrics. Since its passage, the Illinois BIPA has been used to restrict technology giants and their use of users’ personal information, particularly photographs. To understand the scale of this, Facebook reported in a 2013 whitepaper that its users have uploaded more than 250 billion photos. It was estimated in 2017 that the total number of digital photos stored in electronic databases was around 5 trillion.

Documenting and categorizing the faces of a significant percentage of the world’s population represents a major opportunity for technology and data companies. Ten years into enforcement and a figurative eternity into the technological evolution of the process, the Illinois BIPA has been an unavoidable feature of the big data landscape. Though potentially impactful cases remain pending (or on appeal), technology companies largely have been unable to convince courts that their facial recognition technologies should escape regulation under BIPA. 
Continue Reading Technology Defendants Continue to Test Whether the Illinois BIPA Law Can Cope with Modern Facial Recognition Technology