FB pixel

Facebook lawsuit calls collection of biometrics data illegal


A new class action suit against Facebook alleges that the social media giant violated its users’ privacy rights to acquire the largest privately held database of facial recognition data in the world, according to a report by Courthouse News Service.

Lead plaintiff Carlo Licata, represented by attorney Jay Edelson, claims that Facebook first began violating the Illinois Biometric Information Privacy act of 2008 in 2010, in a “purported attempt to make the process of tagging friends easier.”

The lawsuit, recently filed in Cook County Court, relates to Facebook’s “tag suggestions” program, which scans users’ uploaded pictures and identifies any Facebook friends they may potentially want to tag.

The facial recognition technology is taken from Israeli firm Face.com, which Facebook eventually acquired.

The lawsuit argues that this method of data mining directly violates users’ privacy laws, describing the facial recognition feature as a “brazen disregard for its users’ privacy rights,” through which Facebook has “secretly amassed the world’s largest privately held database of consumer biometrics data.”

The tagging feature works by scanning the faces of Facebook friends in photos and extracting facial feature data to cross-match it against their “faceprint database,” or what the company refers to as templates.

However, Licata’s lawsuit alleges that Facebook “actively conceals” this information from its user base, and “doesn’t disclose its wholesale biometrics data collection practices in its privacy policies, nor does it even ask users to acknowledge them” – a practice that is illegal in Illinois.

According to the Illinois Biometrics Information Privacy Act, it is unlawful to acquire biometric data without first providing the subject with a written disclaimer that details the purpose and length of the data collection, and without the subject’s written consent.

Additionally, the Federal Trade Commission also backs this same sentiment by suggesting that private companies should provide clear notice of how the technology works, what data they are collecting and for what reasons, and attain consent from the subject, before using biometric data.

The lawsuit alleges that Facebook “automatically enrolled its users into its facial recognition program to collect their biometric identifiers-a practice that continues to this day,” as well as being “calculatedly elusive” in describing how the program works.

At a 2012 Senate hearing on biometric technology, Facebook privacy and public policy manager Robert Sherman said that the “tag suggestions” program is simply a “convenience feature” and assured the Senate that users’ data is secure .

He also added that Facebook’s faceprint database works only with its own software, and “alone, the templates are useless bits of data”.

The lawsuit also states that in 2011 the FTC was concerned about a “third party maliciously breaching a database of biometric information,” and that “once exposed, a victim has no recourse to prevent becoming victim to misconduct like identity theft and unauthorized tracking.”

Finally, the lawsuit seeks class certification and an injunction ordering Facebook to comply with the Illinois law, to “put a stop to its surreptitious collection, use and storage” of users’ biometric data.

In an email statement, a Facebook spokesperson called the lawsuit “without merit”, and stated that the company will “defend [itself] vigorously”. The statement also said that the face-tagging feature could be disabled, which deletes the data used to suggest tags to other people.

Previously reported, Facebook has been quietly restoring elements of its face recognition services in Europe, two years after data privacy advocates removed it.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News


IOTA’s Web3 IDV project one of 20 projects invited to play in EU sandbox

The European Blockchain Regulatory Sandbox has selected the use cases to be featured in its second cohort of sandbox dialogues….


New eIDAS-Testbed runs first successful tests on European Digital Identity Wallet

The entourage forming around eIDAS continues to grow, as the EU regulation pushes Europe toward a digitized society activated through…


UK Peers slam Ofcom refusal to require biometric age estimation for under-13s

Ofcom’s draft Children’s Safety Code of Practice will leave millions of young people exposed to online harms the legislation behind…


Physical documents still crucial amid slow transition to digital IDs: Regula study

A recent study commissioned by Regula has concluded that digital IDs are not yet poised to replace physical documents in…


Decentralized biometric system proposed for privacy in ICRC aid distribution

Wouter Lueks, faculty member at the CISPA Helmholtz Center for Information Security in Germany explained a proposed system for digital…


Privado ID to tackle global demand for decentralized digital identity software on its own

Privado ID, previously known as Polygon ID, has officially separated from Polygon Labs to address the increasing global need for…


29 Replies to “Facebook lawsuit calls collection of biometrics data illegal”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events