The 9th Circuit recently affirmed class certification for claims alleging Facebook’s facial recognition technology violates Illinois’ Biometric Information Privacy Act.
Facebook users in the suit allege that the social media platform’s “Tag Suggestions” feature illegally collected biometric data. The feature used previously uploaded photos to recognize a user’s Facebook friends for easier tagging. Specifically, Facebook developed a “face template” using facial recognition technology that could identify someone’s facial features to a surprisingly accurate degree.
The Illinois Biometric Information Privacy Act protects individuals’ ability to control how their biometric data is used. Any private entity in possession of biometric information, or “biometric identifiers” must have a written policy that is available to the public and a process for obtaining consent before utilizing someone’s biometric info.
In the context of the statute, “biometric identifiers” are:
The last point is where Facebook has gotten itself in trouble. When Facebook users enabled Tag Suggestions, the facial recognition technology extracted unique geometric data points about someone’s face, such as the distance between their eyes, to create a face signature.
One of the reasons the Illinois legislature felt the need for stricter rules on biometric data is the fact that it cannot be changed in the event it is compromised – leaving victims of identity theft with no recourse. It seems the 9th Circuit agrees, finding a violation of the Illinois statute injures someone’s “concrete right to privacy” and allowing plaintiffs to move forward as a class action.
Counsel for the plaintiffs estimated around 7 million people might be eligible to join the class.