Three named plaintiffs, on behalf of a class of Illinois residents, brought suit against Facebook under the Biometric Information Privacy Act, 740 Ill. Comp. Stat. 14/1/ et seq. (“BIPA”), alleging that Facebook violated BIPA by amassing biometric data to fuel its “Tag Suggestions” program without their consent. Plaintiffs alleged in their complaint that the Tag Suggestions program uses state-of-the-art facial recognition technology to scan photographs uploaded to Facebook and identify individuals who appear therein by name for the user. BIPA, passed back in 2008, is an Illinois statute that governs a private entity’s retention, collection, disclosure and destruction of information about a “biometric identifier” – defined in the statute as “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry,” and “biometric information” – biometric identifiers used for identification purposes. The consolidated matter was transferred from the Northern District of Illinois to the Northern District of California, where Facebook resides, based on a venue-selection clause in the Facebook user agreement.

Once in California, Facebook moved to dismiss, arguing that plaintiffs cannot pursue a claim under BIPA because California law governs their disputes with Facebook. Facebook asserted that the named plaintiffs had agreed to a California choice-of-law provision in the Facebook user agreement. The court agreed, finding that California’s choice-of-law analysis applied. The court set forth the relevant test: the parties’ choice-of-law is generally enforced unless “the chosen law is contrary to a fundamental policy of the [other] state. . . and. . . the other state has a materially greater interest in the determination of the matter."

The court first found that California has a substantial relationship to the parties (as Facebook resides there) and the claims fell within the California choice-of-law clause. However, the court concluded that the remaining factors used to determine the enforceability of choice-of-law provisions weighed against the parties’ choice of California law. The court ruled that “[t]here can be no reasonable doubt that the Illinois [BIPA] embodies a fundamental policy of the state of Illinois” because the statute was premised on the Illinois legislature’s concerns about the use of new technology by major national corporations. Further, the court found that, if California law were applied, rather than simply the loss of the claim itself, the Illinois policy of protecting its citizens’ privacy interests in their biometric data, especially in the context of dealing with major national corporations like Facebook, would be “written out of existence.” The court noted California had no law or policy equivalent to BIPA, so the plaintiffs would lose their right to bring a private cause of action based on an alleged right to privacy in personal biometric data.

Turning to whether Illinois has a “materially greater interest” in the matter, Facebook argued that California has the superior interest of needing to provide “certainty and predictability to technology companies like Facebook.” The court rejected that argument, reasoning that if enforcing a choice-of-law provision alone could trump the interest of the non-chosen state, choice-of law analysis would “largely be a nullity.” The court denied Facebook’s motion, allowing plaintiffs’ Illinois claim to proceed in California. This case could have major impacts on the choice-of-law analysis as applied to state-specific privacy laws.

In re Facebook Biometric Information Privacy Litigation, ___ F. Supp. 3d. ___, 2016 WL 2593853 (N.D. Cal. May 5, 2016).