
Six Flags fingerprinted my son without consent, says mom - LinuxBender
https://www.theregister.co.uk/2019/01/25/six_flag_fingerprint_lawsuit/
======
nowarninglabel
This is why legal governance is important. One could argue it's the customer's
choice to enter into a theme park, so they could choose not to go instead if
they don't want to give up their biometric data. But imagine you get in a car
with friends to go to a theme park for the day and then you arrive and they
want your fingerprints. That's a tough choice to say no, and most consumers
won't say no. However, then when Six Flags sells or breaches the data later
and folks have to deal with identity theft fallout they will suffer.

On the other hand, as long as we use biometrics as identifiers but _not_
authenticators then it's not problematic if the data becomes public. Indeed,
having a fingerprint might be a good option if that can allow for then not
storing any other PII data. I think once companies really start to understand
that PII is a liability, not an asset, we'll slowly see a shift in the
industry back towards pseudo-anonymity.

