U.S. consumers addressing biometric privacy issues--such as unauthorized collection of fingerprints, facial scans, or voiceprints--should first document evidence and contact the company directly. No unified national complaint form exists. Controlling rules include state laws like the Illinois Biometric Information Privacy Act (BIPA), which sets requirements for notice and consent, and federal FTC Act Section 5, which prohibits unfair or deceptive acts or practices related to privacy. Regulators like state Attorneys General or the FTC accept reports but focus on patterns rather than individual remedies. This is informational only; outcomes depend on specific facts and are not guaranteed.

Controlling U.S. Rules for Biometric Privacy

FTC Act Section 5 prohibits unfair or deceptive acts or practices. FTC guidance on privacy and security states that a participating company’s failure to comply with privacy principles may violate this prohibition. Biometric data handling can fall under these principles when companies mislead consumers about collection, use, or security.

No comprehensive federal biometric privacy law exists as of 2026. State laws provide the primary framework in some jurisdictions. For example, Illinois BIPA, passed in 2008, is frequently cited in descriptions of requirements for private entities handling biometric identifiers (note: details from secondary sources; consult official statute for full text). Federal and state regulators enforce through investigations, not direct consumer compensation.

What Does Not Control Biometric Privacy Complaints

Biometric privacy complaints are distinct from payment disputes, chargebacks, or merchant refunds, which do not apply here. Company privacy policies may outline data practices but do not replace or override legal rules under FTC Section 5 or state laws.

Non-U.S. frameworks like EU GDPR or Colombia's consumer protection rules do not control U.S. issues. FTC guidance references privacy principles broadly but does not create a dedicated biometric complaint process. Reports to agencies help identify patterns but do not guarantee individual resolution.

Practical Steps to Address a Biometric Privacy Issue

Follow these steps based on official regulator channels:

1. Gather evidence: Collect screenshots of data collection notices (or lack thereof), dates of interactions, company privacy policy pages, and records of any consent requests.
2. Contact the company: Review their privacy policy for data access, deletion, or complaint contacts. Submit a written request detailing the issue.
3. Report to regulators: Use ReportFraud.ftc.gov for FTC Section 5 concerns. For state-specific issues like BIPA, contact the relevant state Attorney General's consumer protection division (e.g., Illinois AG).
4. Monitor response: Regulators may investigate but provide no set timelines or individual remedies.

Limits include no confirmed deadlines for agency action and focus on enforcement over consumer payouts. Private legal action may be an option under certain state laws, but direct official support for steps was not found beyond regulator reporting.

Evidence Checklist:

• Screenshots of biometric prompts or scans
• Dates and context of data collection
• Company privacy policy link or text
• Communications with the company

FAQ

Does the FTC handle individual biometric complaints?
The FTC accepts reports at ReportFraud.ftc.gov under Section 5 for unfair or deceptive practices but prioritizes patterns over individual cases.

What counts as biometric data under U.S. rules?
FTC privacy principles apply broadly; state laws like BIPA describe examples such as fingerprints or facial scans (secondary descriptions).

Can biometric privacy issues lead to refunds?
No; these are not tied to payment disputes or merchant refunds.

Is there a federal biometric privacy law?
No comprehensive federal law exists; FTC Section 5 and state rules apply.