FB pixel

Google accused of violating the Illinois Biometric Information Privacy Act

| Stephen Mayhew
Categories Biometrics News  |  Commercial Applications  |  Facial Recognition
 

Google has become the latest technology firm to face legal action after being accused of violating the 2008 Illinois Biometric Information Privacy Act over the use of facial recognition technology and photo sharing.

The Illinois statute requires companies that gather biometric data to notify people about the practice before collecting data, and to publish a schedule for destroying the information.

The statute defines biometric identifier as “any personal feature that is unique to an individual, including fingerprints, iris scans, DNA and ‘face geometry,’ among others,” and establishes biometric information as “any information captured, converted, stored, or shared based on a person’s biometric identifier used to identify an individual.” The law allows for damages of $5,000 for each intentional violation and $1,000 for each negligent violation.

A Chicago resident named Lindabeth Rivera filed the class action complaint on March 1 in federal court in Chicago. The complaint is similar to claims lodged in Chicago federal court in June and August last year against Shutterfly and Facebook over their use of facial recognition technology in digital photo sharing and social media.

In January, a federal judge in Illinois dismissed a lawsuit challenging Facebook’s use of facial recognition software, commenting: “Because plaintiff does not allege that Facebook targets its alleged biometric collection activities at Illinois residents, the fact that its site is accessible to Illinois residents does not confer specific jurisdiction over Facebook.”

In the same month, a different federal judge in Illinois allowed lawsuit against Shutterfly Inc. to proceed despite the company’s claims that its tagging software does not break state privacy law. Shutterfly argued that the Illinois Biometric Information Privacy Act (BIPA) does not pertain to “photographs and any information gleaned from photographs” as they “cannot be biometric identifiers”.

According to Rivera’s complaint, as reported by Cook County Record, Google’s cloud-based Google Photos service has “created, collected and stored” millions of “face templates or face prints from millions of Illinois residents, many thousands of whom are not even enrolled in the Google Photos service. Google creates these templates using sophisticated facial recognition technology that extracts and analyzes data from the points and contours of faces that appear in photos taken on Google Droid devices and uploaded to the cloud-based Google Photos service.

“Each face template that Google extracts is unique to a particular individual, in the same way that a fingerprint or voiceprint uniquely identifies one and only one person,” the complaint said. “Since the service functions without respect to whether any of the people have Google Photos accounts, the company did not meet its obligation under BIPA guidelines to notify non-users “of the specific purpose and length of term for which their biometric identifiers or information would be collected, stored and used, nor did Google obtain a written release from any of these individuals. … Google does not have written, publicly available policies identifying their retention schedules, or guidelines for permanently destroying non-users’ biometric identifiers or information.”

Rivera has asked the court for class certification and a jury trial and to award BIPA’s statutory damages and attorney fees, as well as an order requiring Google to comply with the act.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Stop treating identity as a compliance step. It’s infrastructure now

By Harry Varatharasan, Chief Product Officer, ComplyCube The UK governmentʼs digital identity consultation is closing, and for most commentators, this…

 

If you build it, they will leave: experts warn UK gov’t on digital ID approach

The UK Cabinet Office’s consultation on digital identity closed on Tuesday, Digital systems built by governments tend to decline over…

 

Shufti biometric PAD clears iBeta Level 3 with 0 errors across iOS, Android

London-based global identity verification and fraud prevention provider Shufti has passed a Level 3 evaluation of its biometric Presentation Attack…

 

OpenID draft spec for extended identity claims assurance up for approval

Voting is open for approval of a draft specification to extend OpenID Connect to cover new features for requesting and…

 

EES troubles ignite speculation of further suspensions

Crowds, chaos and cranky travelers: The EU’s biometric border management scheme, the Entry-Exit System (EES), continues to fill headlines as…

 

UK Home Office eyes suppliers for SCBP biometrics platform

The Home Office is hosting a preliminary market engagement event to engage with potential suppliers for two not-yet-guaranteed future procurements…

Comments

24 Replies to “Google accused of violating the Illinois Biometric Information Privacy Act”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis and Buyer's Guides

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events