A panel of the U.S. federal Court of Appeals for the Ninth Circuit unanimously rejected Facebook’s attempt to dismiss a privacy class-action alleging that it violated the Illinois Biometric Information Privacy Act (BIPA) by not securing user consent before recording users’ facial biometrics.
The lawsuit revolves around Facebook’s Tag Suggestion feature, launched in 2010. With Tag Suggestions, Facebook uses facial-recognition technology to analyze whether the user’s Facebook friends are in photos uploaded by that user. Facebook does so by extracting the biometric face-prints of the faces in the photo and then comparing them to those already stored in Facebook’s face-print database. That database comprises of users previously tagged in a photo who have not opted out of Tag Suggestions.
Under BIPA, no private entity may collect biometric data of individuals unless it satisfies several pre-requisites, including the receipt of consent from the individual. Facebook argued for the dismissal of the lawsuit, asserting that the plaintiffs failed to establish a concrete-injury they suffered, sufficient to give them standing to sue in federal court.
The court held that given the enhanced technological intrusions on the right to privacy, an invasion of biometric privacy rights harms the individual’s concrete private affairs and interests, not merely their procedural rights. The court also held that Facebook’s conduct alleged in the class action suit poses a material risk of harm to the privacy interests of individuals.
Relying on a recent Illinois Supreme Court decision, the Ninth Circuit indicated that BIPA’s safeguards “are particularly crucial in our digital world because “[w]hen a private entity fails to adhere to the statutory procedures . . . the right of the individual to maintain his or her biometric privacy vanishes into thin air”. The lawsuit will now continue in the Northern District of California’s trial court.
CLICK HERE to read the Ninth Circuit’s decision in Patel v. Facebook, Inc.
This article was published in the Internet, Cyber and Copyright Group’s August 2019 Newsletter.