FB pixel

Shutterfly facial recognition lawsuit goes forward


A federal judge in Illinois is allowing a lawsuit against Shutterfly Inc. to proceed despite the company’s claims that its tagging software does not break state privacy law, according to a report in the International Business Times.

This is the first time any court has interpreted an Illinois statute that prohibits companies from collecting and storing biometric data without first obtaining informed written consent. Illinois state lawmakers passed the Biometric Information Privacy Act, or BIPA, in 2008.

Shutterfly argued that the Illinois Biometric Information Privacy Act (BIPA) does not pertain to “photographs and any information gleaned from photographs” as they “cannot be biometric identifiers”. But that wasn’t enough to get the lawsuit dismissed.

Facebook, who is facing a similar lawsuit, has also argued that the lawsuits against it are without merit because the Illinois Biometric Information Privacy Act does not bar companies from storing photos of faces or data generated from photos, but rather, only applies to faceprints that stem from in-person scans.

Currently, Illinois and Texas are the only states with legislation addressing biometric capture for commercial purposes.

The Texas law is similar to BIPA in that it requires companies to inform and receive consent from the subject before collecting any biometric data. However, it does not specify the exact form the notice and consent must take and states that lawsuits must be brought by the state and not individuals.

Although there are a handful of other states that have similar legislation pending, including Alaska and Washington, the outcome of Shutterfly’s lawsuit, as well as others that are likely to soon follow, may influence other states as they work towards implementing new privacy laws that address biometric technologies.

“Currently, Illinois is the only state to allow private citizens to sue,” David Milian, lead partner in the case at Carey Rodriguez, said in a statement. “The data privacy concerns are enormous. You can always change your password or get a new credit card or Social Security number if these websites are hacked, but you can’t change your facial geometry.”

The Illinois statute, which also covers iris and fingerprint scans, provides for recoveries of $5,000 for each violation.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News


IDV providers respond to growing consumer demand for stronger fraud prevention

A range of digital identity and financial fraud prevention capabilities and solution updates have been released just as Veriff issues…


Biometrics developers dance with data privacy regulations continues

Biometrics controversy and investments are often found side by side, as seen in many of this week’s top stories on…


EU AI Act should revise its risk-based approach: Report

Another voice has joined the chorus criticizing the European Union’s Artificial Intelligence Act, this time arguing that important provisions of…


Swiss e-ID resists rushing trust infrastructure

Switzerland is debating on how to proceed with the technical implementation of its national digital identity as the 2026 deadline…


Former Jumio exec joins digital ID web 3.0 project

Move over Worldcoin, there’s a new kid on the block vying for the attention of the digital identity industry and…


DHS audit urges upgrade of biometric vetting for noncitizens and asylum seekers

A recent audit by the DHS Office of Inspector General (OIG) has called for the Department of Homeland Security (DHS)…


13 Replies to “Shutterfly facial recognition lawsuit goes forward”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events