Naked Security

Facebook loses first round in facial recognition class action suit

Users never gave consent to have their faces gobbled up, and Facebook never told them what it would do with the biometrics, the suit claims.

Sorry, Facebook: that class action lawsuit over violating privacy rights with your facial recognition technology isn’t going away anytime soon.

A San Francisco federal judge on Thursday refused Facebook’s request to toss the lawsuit, letting the case move forward.

The lawsuit was filed by some Illinois residents under Illinois law, but the parties agreed to transfer the case to the California court, the court order showed.

What the suit claims: the social network violated Illinois privacy laws by “secretly” amassing users’ biometric data without getting consent from the plaintiffs, Nimesh Patel, Adam Pezen and Carlo Licata, collecting it and squirreling it away in what Facebook claims is the largest privately held database of facial recognition data in the world.

Specifically, the suit claims that Facebook didn’t do any of the following:

  • Properly inform users that their biometric identifiers (face geometry) were being generated, collected or stored
  • Properly inform them, in writing, what it planned to do with their biometrics and how long the company planned to collect, store and use the data
  • Provide a publicly available retention schedule and guidelines for permanently destroying the biometric identifiers of users who don’t opt out of “Tag Suggestions”
  • Receive a written release from users to collect, capture, or otherwise obtain their biometric identifiers

The Illinois law in question – the Illinois Biometric Information Privacy Act (BIPA) – bans collecting and storing biometric data without explicit consent, including “faceprints.”

What Facebook argued in a motion to dismiss the suit: users can’t file a complaint under BIPA, since the Facebook user agreement says that California law would govern any disputes with the company. Besides, Facebook said in its motion, BIPA doesn’t apply to Facebook’s facial tagging suggestions for photos.

US District Judge James Donato didn’t buy it.

First of all, going by Illinois law is just fine. From his ruling:

The answer here could not be clearer. Illinois will suffer a complete negation of its biometric privacy protections for its citizens if California law is applied. In contrast, California law and policy will suffer little, if anything at all, if BIPA is applied.

Facebook’s contention that BIPA doesn’t cover faceprints is likewise weak, he said, given that the law, written as it was in light of modern technology, “regulates the collection, retention, and disclosure of personal biometric identifiers and biometric information” by “[m]ajor national corporations,” among others.

It specifically defines “biometric identifier” as “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry,” the judge pointed out.

Image of Facebook Thumb courtesy of rvlsoft / Shutterstock.com

3 Comments

Couldn’t a photo by itself be qualified as a “scan of hand or face geometry”? After all, you can use it without any other technology to biometrically identify a person.

Yes; however, the statute excludes plain vanilla photos from the definition of biometric identifiers.

Good-O for the Cali court! This whole Invasion of Privacy for Profit thing has gotten waaay out of hand. Going further, if I were “In Charge,” anyone who posts anything personal about anyone else without specific permission (and, maybe, payment) in each instance, would be subject to harsh penalties; perhaps a lifetime restriction barring use, possession, or ownership of any electronic device capable of being used for communication would be in order. Payphones were just fine, thank you.
