Technologist - The FindLaw Legal Technology Blog

Class Action Challenges Facebook Facial Recognition Technology

If you've uploaded photos of family or friends to Facebook, you've probably been asked to "tag" them, or in the past few years, to confirm the tags suggested by Facebook. Instead of requiring you to say, "That's Sarah!" Facebook now asks, "Hey, isn't this Sarah?" In doing so, it uses its facial recognition software to scan members' faces and identify them in photos posted across the site.

That practice, made possible by Facebook's "DeepFace" technology, may also be against the law, according to a new class action lawsuit filed against the social networking site. The suit alleges that Facebook has gathered "the world's largest privately held database of consumer biometrics data," in violation of Illinois's Biometrics Information Privacy Act.

Facebook's Biometric Trove Raises Privacy Concerns

With well over a billion active users posting 350 million photos each day, Facebook has amassed a wealth of photographic data to mine. In order to make it easier to identify others in photos, Facebook employs facial recognition software that analyzes facial features and other biometric data.

Lead plaintiff Carlo Licata claims the practice violates Illinois law. Under that state's Biometrics Information Privacy Act, written consent is needed to collect biometric data, as well as notice about the collection, its purpose, and how long the data will be stored. The Federal Trade Commission has suggested private companies follow similar standards before using biometric data.

Biometrics Becoming More Common

The use of biometrics as identifiers is becoming increasingly common. You can now unlock your iPhone with the touch of a finger, instead of a PIN. Voice authentication is also being widely used, as are facial recognition programs such as Facebook's.

As biometrics begin to replace passwords and other identifying information, however, they raise security concerns. Should your data security be compromised, account names and passwords can be changed. It isn't quite as easy to change a fingerprint or the distance between your eyes, however. According to the lawsuit, the FTC is already concerned that a data breach could result in victims being left with no recourse against continuing identity theft and unauthorized tracking.

Facebook, however, seems less concerned. The company argues that the information it gathers is simply for convenience and can be used only with its software. Anyone stealing Facebook's biometric information would get nothing more than "useless bits of data."

Related Resources: