The lawsuit, which has been ongoing since 2015, alleges that Facebook collected biometric information in the form of face prints for the purpose of supporting its “face tagging” feature without obtaining the consent of millions of users, thus violating the Illinois Biometric Information Privacy Act (BIPA).
BIPA is enforced to safeguard users from having their biometric information being used or sold without consent. It requires companies to develop a written policy indicating how biometric data is collected and stored.
In 2010, Facebook had begun utilising facial recognition in the US when it automatically tagged people in photos using its Tag Suggestions tools, however users were not explicitly asked if they wanted the tool activated, in addition to not being aware that they had the option to switch it off.
A federal judge gave the class-action lawsuit the go-ahead in 2018, to which Facebook appealed the ruling but lost the appeal in a 3-0 decision.
Under the agreement, the social media company will now pay $550 million to eligible Illinois users, in addition to covering the plaintiffs’ legal fees.
In a statement to the BBC, Facebook said that it chose to settle “as it was in the best interests of our community and our shareholders to move past this matter.”
“This case should serve as a clarion call to companies that consumers care deeply about their privacy rights and, if pushed, will fight for those rights all the way to the Supreme Court and back until they are justly compensated,” commented Paul Geller head of consumer protection arm of Robbins Geller.
The plaintiffs will now ask the District Court to give preliminary approval of the settlement and order that notice be sent to the Illinois class.
“This is a tremendous victory for the class,” said Michael Canty, head of the consumer cybersecurity group at Labaton Sucharow. “Here, Illinois enacted a statute not to thwart innovation, but to protect individuals’ privacy. As technology advances, corporations must be mindful of the privacy of their customers and more importantly, comply with the law.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.