Vimeo finds itself as the defendant in a proposed class action lawsuit in which the plaintiff claims the ad-free video platform’s Magisto editing app has scanned and stored templates of thousands of consumers’ faces in contrivance to the Illinois Biometric Information Privacy Act (BIPA).
The lawsuit out of Cook County Circuit Court revolves around Vimeo’s cloud-based Magisto service, a web- and mobile-based video-editing app for consumers and businesses that the defendant says employs “artificial intelligence engines” to make video editing more streamlined. Magisto’s artificial intelligence is also designed “to intuitively analyze and edit” photo and video content, which includes the use of facial detection and recognition that can create “highly detailed geometric maps” of the faces of individuals who appear in photos and videos uploaded to the app, the complaint explains.
Citing the Illinois BIPA, the lawsuit alleges that Vimeo, unbeknownst to the average consumer, has unlawfully scanned each and every face that’s appeared in a Magisto photo or video, extracting geometric data “relating to the unique points and contours”—i.e. biometric identifiers—of each face. Vimeo, the case claims, has used that data to “create and store a template of each face” without informing those to whom the faces belong.
“Each face template that Vimeo extracts is unique to a particular individual,” the case stresses, “in the same way that a fingerprint or voiceprint uniquely identifies one and only one person."
While facial scanning is legal, the BIPA requires companies to follow stringent guidelines with regard to the collection and storage of biometric identifiers such as facial scans and fingerprints in Illinois. The law mandates that companies inform consumers in writing that a biometric identifier is being collected or stored and of the length of time for which their biometric information will be collected, stored and used. The BIPA lastly requires companies to receive a written release from the consumer authorizing the collection and storage of their biometric data.
Importantly, the BIPA makes clear that companies in possession of consumers’ biometric identifiers must develop and make publicly available a written policy establishing a retention schedule and guidelines for the permanent destruction of the data “when the initial purpose for collecting or obtaining such” has been satisfied, or within three years of an individual’s last interaction with the business. Vimeo, the lawsuit argues, has violated all four prongs of the BIPA.
“In direct violation of [the BIPA], Vimeo never informed Illinois residents who had their face templates collected of the specific purpose and length of term for which their biometric identifiers or information would be collected, stored, and used, nor did Vimeo obtain a written release from any of these individuals,” the suit states. “In direct violation of [the BIPA], Vimeo does not have written, publicly available policies identifying their retention schedules or guidelines for permanently destroying any of these biometric identifiers or information.”
The lawsuit looks to certify a class of Illinois residents who are users of Vimeo’s Magisto service and had their biometric identifiers, namely scans of facial geometry, collected, captured, received or otherwise obtained by the defendant from videos and/or photos uploaded within the state. The case is the latest in a string of potential class action litigation filed by consumers who allege major companies, including Home Depot, Hilton, Shutterfly, and Universal Parks & Resorts, have captured and stored consumers’ biometric information without adhering to Illinois BIPA regulations.