Facebook Embroiled In Data Storage Lawsuit

Facebook recently lost the first round of a contentious legal battle centered around the tech mogul’s use of facial scanning software.

The plaintiffs, privacy advocates based in Illinois, cited an Illinois law which would require Facebook to receive permission before using a subscriber’s face as a biometric identifier. The action in question is Facebook’s use of technology developed and introduced in 2010 that allows users to identify people they recognize in photos using a software tool that automatically matches names to faces on pictures uploaded to the site. The Illinois Biometric Information Privacy Act of 2008 is the only law in the United States that allows companies to be sued for failing to get consent from consumers. Google has also been sued for acting in violation of the law. According to plaintiffs, Facebook’s “Tag Suggestions” photo-tagging feature is in clear violation of the law, and the suit has been filed with the intent “to put a stop to [Facebook’s] surreptitious collection, use, and storage of Plantiffs’ and the proposed Class’s sensitive biometric data.”

Facebook PrivacyAccording to the complaint, Facebook users around the world upload about 300 million photos every single day. When those photos are uploaded, an algorithm used by Facebook scans each photo and suggests who to tag. Throughout this process, users are assigned unique templates to aid in their recognition. This feature has been turned on and off in the United States since its implementation in 2010, and it was suspended in Europe after a review by the Irish data protection authority.

The plaintiffs are seeking damages of $1,000 or $5,000 for every instance in which the biometric data law was violated by Facebook when handling photos uploaded by users residing in Illinois. According to one of the plaintiff’s lawyers, Stuart Davidson, there are over 7 million Facebook users in Illinois. That means Facebook’s damages could add up to billions of dollars if the judge rules in favor of the plaintiffs.

Facebook moved to have the lawsuit, which alleges that the company “secretly amassed the world’s largest privately held database of consumer biometric data” thrown out, an attempt that was rejected on Thursday by a San Francisco judge. Facebook was hoping to get the case dismissed under the logic that the attempt to enforce Illinois law on the company is a violation of its user agreement, which requires disputes to be resolved under the laws of California, where the social media company is based.

“Illinois will suffer a complete negation of its biometric privacy protections for its citizens if California law is applied,” wrote the Judge. “In contrast, California law and policy will suffer little, if anything at all,” under circumstances when the Illinois law is applied

fbLawyers for the plaintiffs stated that the judge’s decision is “an important step towards protecting the privacy rights of consumers.”

“We look forward to the continued prosecution of the action, and ultimately proving our case at trial,” reads a joint statement made by law firms Edelson PC, Robbins Geller Rudman & Dowd LLP, and Labaton Sucharow.

Only three states in the United States have laws regulating the use of biometrics and facial recognition technology: Illinios, Texas, and Connecticut. The Facebook case was opened as three separate lawsuits in Chicago that were eventually consolidated into one case and the proceedings were moved to San Francisco.

According to Pam Dixon, executive director of the World Privacy Forum in San Diego, the judge’s ruling stands as a major win for consumers:

“That’s a huge victory because what that will say is that state law will be applicable in cases where a national company attempts to try cases in their own state without applying all states’ laws.”