March 6, 2016 -
Google has become the latest technology firm to face legal action after being accused of violating the 2008 Illinois Biometric Information Privacy Act over the use of facial recognition technology and photo sharing.
The Illinois statute requires companies that gather biometric data to notify people about the practice before collecting data, and to publish a schedule for destroying the information.
The statute defines biometric identifier as “any personal feature that is unique to an individual, including fingerprints, iris scans, DNA and ‘face geometry,’ among others,” and establishes biometric information as “any information captured, converted, stored, or shared based on a person’s biometric identifier used to identify an individual.” The law allows for damages of $5,000 for each intentional violation and $1,000 for each negligent violation.
A Chicago resident named Lindabeth Rivera filed the class action complaint on March 1 in federal court in Chicago. The complaint is similar to claims lodged in Chicago federal court in June and August last year against Shutterfly and Facebook over their use of facial recognition technology in digital photo sharing and social media.
In January, a federal judge in Illinois dismissed a lawsuit challenging Facebook’s use of facial recognition software, commenting: “Because plaintiff does not allege that Facebook targets its alleged biometric collection activities at Illinois residents, the fact that its site is accessible to Illinois residents does not confer specific jurisdiction over Facebook.”
In the same month, a different federal judge in Illinois allowed lawsuit against Shutterfly Inc. to proceed despite the company’s claims that its tagging software does not break state privacy law. Shutterfly argued that the Illinois Biometric Information Privacy Act (BIPA) does not pertain to “photographs and any information gleaned from photographs” as they “cannot be biometric identifiers”.
According to Rivera’s complaint, as reported by Cook County Record, Google’s cloud-based Google Photos service has “created, collected and stored” millions of “face templates or face prints from millions of Illinois residents, many thousands of whom are not even enrolled in the Google Photos service. Google creates these templates using sophisticated facial recognition technology that extracts and analyzes data from the points and contours of faces that appear in photos taken on Google Droid devices and uploaded to the cloud-based Google Photos service.
“Each face template that Google extracts is unique to a particular individual, in the same way that a fingerprint or voiceprint uniquely identifies one and only one person,” the complaint said. “Since the service functions without respect to whether any of the people have Google Photos accounts, the company did not meet its obligation under BIPA guidelines to notify non-users “of the specific purpose and length of term for which their biometric identifiers or information would be collected, stored and used, nor did Google obtain a written release from any of these individuals. … Google does not have written, publicly available policies identifying their retention schedules, or guidelines for permanently destroying non-users’ biometric identifiers or information.”
Rivera has asked the court for class certification and a jury trial and to award BIPA’s statutory damages and attorney fees, as well as an order requiring Google to comply with the act.