November 21, 2016 -
Facebook Inc. says an Illinois biometrics law that prevents interstate-sharing of facial recognition data violates the U.S. Constitution ( In re Facebook Biometric Info. Privacy Litig. , N.D. Cal., No. 15-cv-03747, answer, 11/11/16 ), according to a report by Bloomberg BNA.
Aside from Illinois, Texas and Connecticut are the only other states that have biometrics laws. Despite this, several consumer-facing companies are trying to monetize or store and analyze biometric data.
In August, three class actions against Facebook over allegations that the company’s ‘tag suggestion’ feature violates users’ privacy rights, were moved from Chicago’s federal courts to San Francisco’s.
The lawsuits stemmed from consumers claims that the company used its tag suggestions feature to cover up its use of proprietary facial recognition software to collect “unique biometric identifiers” without their consent.
On November 11, Facebook responded to the plaintiffs’ amended complaint filed in the U.S. District Court for the Northern District of California by calling the Illinois Biometric Information Privacy Act (BIPA) ‘unconstitutional’.
Facebook said that the BIPA infringes on a constitutional protection under the commerce clause, which restricts a state’s ability to pass legislation that would improperly strain or discriminate against interstate commerce.
The social media giant said that preventing it from using biometric analysis software to search images uploaded by Illinois users places limitations on its use of data in commerce.
In addition to this defense, Facebook cited 22 other affirmative defenses to the consumer claims before the federal court, including one that said that plaintiffs and putative class “consented to and, in some cases, participated in the uploading and ‘tagging’ of photographs of which they now complain.”
BIPA, 740 Ill. Comp. Stat. § 14/15 states that no private entity may collect an individual’s “biometric identifier or biometric information” unless the person in writing that the information is being stored and “the specific purpose and length of term” of use, then receives written consent from the person to use said data.
Last month, both Facebook and Google stated that collecting facial biometrics data isn’t against the law, even without the user’s consent.