Facebook Hit with Facial Recognition Class Action
Facebook was hit with a lawsuit in 2015 that was originally filed in federal court in Chicago and later moved to federal court in San Francisco. The suit alleged the social media networking site violated Illinois’ Biometric Information Privacy Act (BIPA), enacted in 2008, when it failed to solicit written consent from users before creating templates featuring their faces and to properly notify them about how the information from their photos would be used or how long it would be stored.
The BIPA law states that information which uniquely identifies an individual is their property. It prohibits a private entity from selling, leasing, trading, or otherwise profiting from a person’s biometric information, and Facebook’s actions allegedly violate this stipulation.
The lawsuit the company was hit with asks the court to award $5000 in damages for each reckless violation of the state’s law and $1,000 for each negligent violation. Class action status was granted in April of this year. Facebook submitted a request to move the case to California and the request was granted.
The facial tagging feature was rolled out back in 2010. The social media platform has information on its website regarding the feature and points users toward their settings to disable it. Basically, the software recognizes the facial features of Facebook users and offers the option for them to tag themselves and/or other persons depicted. There is often a list of several users in which the program believes to be present in newly uploaded shots.
Facebook denied all allegations after being hit with the suit and has argued that the collection of biometric data caused no real harm to the people involved in the litigation. It argued in court that individual plaintiffs should have to pursue their legal claims proving that they were “aggrieved” and suffered an actual injury beyond an invasion of privacy.
Yet, the court disagreed, indicating that a potential invasion of privacy was harm enough. In his ruling, U.S. District Judge James Donato, nominated to his position by former president Barack Obama, determined that the ”claims are sufficiently cohesive to allow for a fair and efficient resolution on a class basis” and noted there is enough evidence to suggest that Facebook violated BIPA. In his order, Donato also wrote, “Facebook seems to believe…statutory damages could amount to billions of dollars.” His decision to certify the case as a class action was a milestone for privacy advocates.
“As more people become aware of the scope of Facebook’s data collection and as consequences begin to attach to that data collection, whether economic or regulatory, Facebook will have to take a long look at its privacy practices and make changes consistent with user expectations and regulatory requirements,” Shawn Williams, the plaintiffs’ attorney, said.
Facebook, which is no stranger to litigation, has indicated it will send out more than 28 million notifications to its users, explaining that they could be parties to the class action lawsuit. The total payout would ultimately depend on the number of users who opt into the class.
“We continue to believe the case has no merit and will defend ourselves vigorously,” the company stated.