By Julie Liu
Facebook’s facial recognition technology has evolved to a point where it is as disturbing to many users as it is helpful. Earlier this month, the District Court for the Northern District of California denied a motion to dismiss a class action alleging that Facebook had unlawfully collected biometric data. In particular, plaintiffs took issue with Facebook’s “tags suggestion” feature, which identifies subjects in users’ photos and suggests names for users to tag faces in photos with.
The action grew out of three separate suits by Illinois-based Facebook users, who each sued Facebook in 2015. The plaintiffs looked to the Biometric Information Privacy Act (BIPA), an Illinois law which prohibits “private entities” (including individuals and companies) from obtaining an uninformed, non-consenting subject’s “biometric identifier or biometric information.” Notably, the Act defines “biometric identifier” to include scans of “face geometry.” Further, “‘biometric information’ means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.”
Facebook suggests tags using facial recognition software that scans uploaded photos and generates a “template” for individuals based on features such as “the distance between the eyes, nose and ears.” The plaintiffs allege that Facebook violated BIPA by collecting and storing users’ biometric data without: informing them that it was doing so, obtaining users’ written consent, or providing guidelines for permanently destroying the data.
Given that Facebook’s use of facial recognition technology has already raised serious privacy concerns for users, the decision seems like a win for millions in the U.S. seeking to protect their identity online and assert some control over the access and use of their identifying information by companies. Although the ruling establishes that the plaintiffs have a valid claim, we will have to see how the case proceeds in order to better understand the lawfulness of Facebook’s data collection.
Currently, BIPA is a unique law in the U.S.—Texas is the only other state with laws requiring the informed consent of individuals for purposes of collecting biometric data, or addressing the commercial use of biometric data at all. Other states may follow in kind in the near future; for example, a Washington State bill to protect consumers’ biometric information was introduced in 2015. Although it met opposition from business groups, it was still on the table as of earlier this year.
For the most part, Facebook has managed to avoid controversy in the launch of Moments, its photo-sharing app, in the EU and Canada. This is because the versions of the app available in these regions use object recognition instead of facial recognition. Rather than automatically identifying people in photos, the app groups together photos that may contain the same person.
Image Source: TECHMalak.com