Facebook, Inc.’s latest legal challenge comes by way of a proposed class action in which the plaintiff claims the besieged social media platform violated theIllinois Biometric Information Privacy Act(BIPA), a statute that governs the capture, possession, storage and use of consumers’ biometric identifiers and biometric information.
Filed in California federal court, the complaint explains that unlike data used to access finances—credit card numbers, for instance—biometric data is “biologically unique” to an individual in that once compromised, an individual most likely cannot change the information and has no real recourse in staving off potential identity theft. According to the lawsuit, the Illinois legislature enacted the BIPA to prevent private entities such as Facebook from obtaining or possessing one’s biometric data unless it:
Notifies an individual in writing that biometric identifiers or information will be collected or stored;
Informs an individual in writing of “the specific purpose and length of term” for which his or her biometric information is being collected, stored and used;
Receives a “written release” from the individual allowing the collection of his or her biometrics; and
Publishes publicly accessible “written retention schedules and guidelines” for permanently destroying collected biometric data.
The allegations detailed in the 16-page complaint stem from Facebook’s creation of “face templates” through sophisticated facial recognition technology that “extracts and analyzes data from the points and contours of faces” that appear in photos uploaded by users. Each facial template is unique to an individual, the lawsuit continues, much like a fingerprint or voiceprint. Per Facebook’s own admissions, the company acknowledges it is able to suggest that a user tag a friend in a photo “by scanning and comparing your friend’s pictures to information” the defendant has compiled from other photos an individual has been tagged in. The lawsuit states this process relies on facial recognition software that “uses an algorithm to calculate a unique number (‘template’) based on someone’s facial features, like the distance between the eyes, nose and ears.”
According to the plaintiff, who’s reportedly never had a Facebook account, the company has failed to adhere to any of the above-described guidelines set by the BIPA with regard to its capture and storage of proposed class members’ facial biometrics:
“In direct violation of each of the foregoing provisions of Section 15(a) and Section 15(b) of the BIPA, Facebook is actively collecting, storing, and using — without providing notice, obtaining informed written consent, or publishing data retention policies — the biometrics of its users and unwitting non-users like [the plaintiff].”