FB pixel

Google accused of violating the Illinois Biometric Information Privacy Act


Google has become the latest technology firm to face legal action after being accused of violating the 2008 Illinois Biometric Information Privacy Act over the use of facial recognition technology and photo sharing.

The Illinois statute requires companies that gather biometric data to notify people about the practice before collecting data, and to publish a schedule for destroying the information.

The statute defines biometric identifier as “any personal feature that is unique to an individual, including fingerprints, iris scans, DNA and ‘face geometry,’ among others,” and establishes biometric information as “any information captured, converted, stored, or shared based on a person’s biometric identifier used to identify an individual.” The law allows for damages of $5,000 for each intentional violation and $1,000 for each negligent violation.

A Chicago resident named Lindabeth Rivera filed the class action complaint on March 1 in federal court in Chicago. The complaint is similar to claims lodged in Chicago federal court in June and August last year against Shutterfly and Facebook over their use of facial recognition technology in digital photo sharing and social media.

In January, a federal judge in Illinois dismissed a lawsuit challenging Facebook’s use of facial recognition software, commenting: “Because plaintiff does not allege that Facebook targets its alleged biometric collection activities at Illinois residents, the fact that its site is accessible to Illinois residents does not confer specific jurisdiction over Facebook.”

In the same month, a different federal judge in Illinois allowed lawsuit against Shutterfly Inc. to proceed despite the company’s claims that its tagging software does not break state privacy law. Shutterfly argued that the Illinois Biometric Information Privacy Act (BIPA) does not pertain to “photographs and any information gleaned from photographs” as they “cannot be biometric identifiers”.

According to Rivera’s complaint, as reported by Cook County Record, Google’s cloud-based Google Photos service has “created, collected and stored” millions of “face templates or face prints from millions of Illinois residents, many thousands of whom are not even enrolled in the Google Photos service. Google creates these templates using sophisticated facial recognition technology that extracts and analyzes data from the points and contours of faces that appear in photos taken on Google Droid devices and uploaded to the cloud-based Google Photos service.

“Each face template that Google extracts is unique to a particular individual, in the same way that a fingerprint or voiceprint uniquely identifies one and only one person,” the complaint said. “Since the service functions without respect to whether any of the people have Google Photos accounts, the company did not meet its obligation under BIPA guidelines to notify non-users “of the specific purpose and length of term for which their biometric identifiers or information would be collected, stored and used, nor did Google obtain a written release from any of these individuals. … Google does not have written, publicly available policies identifying their retention schedules, or guidelines for permanently destroying non-users’ biometric identifiers or information.”

Rivera has asked the court for class certification and a jury trial and to award BIPA’s statutory damages and attorney fees, as well as an order requiring Google to comply with the act.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News


Could be 25 years before TSA gets facial recognition in all US airports

The Transportation Security Administration (TSA) foresees significant delays in implementing facial recognition across U.S. airports if revenue continues to be…


Single solution for regulating AI unlikely as laws require flexibility and context

There is no more timely topic than the state of AI regulation around the globe, which is exactly what a…


Indonesia’s President launches platform to drive digital ID and service integration

In a bid to accelerate digital transformation in Indonesia, President Joko Widodo launched the Indonesian government’s new technology platform, INA…


MFA and passwordless authentication effective against growing identity threats

A new identity security trends report from the Identity Defined Security Alliance (IDSA) highlights the challenges companies continue to face…


Zighra behavioral biometrics contracted for Canadian government cybersecurity testing

Zighra has won a contract with Shared Services Canada (SSC) to protect digital identities with threat detection and Zero Trust…


Klick Labs develops deepfake detection method focusing on vocal biomarkers

The rise in deepfake audio technology has significant threats in various domains, such as personal privacy, political manipulation, and national…


24 Replies to “Google accused of violating the Illinois Biometric Information Privacy Act”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events