Google requests appeal of decision in biometric privacy lawsuit

Google has requested permission from U.S. District Court Judge Edmond Chang to immediately appeal his decision to allow a class-action lawsuit accusing Google of violating the Illinois Biometric Information Privacy Act (BIPA), to proceed, according to a report by Media Post.

On February 27, Chang issued a ruling that allowed Illinois residents Lindabeth Rivera and Joseph Weiss to proceed with their lawsuit against Google for using facial recognition to create face templates from photographs.

Rivera initially filed a lawsuit against Google in March 2016 over allegations that the company was in violation of the 2008 Illinois BIPA over the use of facial recognition technology and photo sharing.

The Illinois statute requires organizations that collect biometric data to alert people about the practice before they begin to gather data, and to post a timeline for deleting the data.

The statute defines biometric identifier as “any personal feature that is unique to an individual, including fingerprints, iris scans, DNA and ‘face geometry,’ among others,” and biometric information as “any information captured, converted, stored, or shared based on a person’s biometric identifier used to identify an individual.”

Under this law, organizations can be penalized $5,000 for each intentional violation and $1,000 for each negligent violation.

The court held that information about people’s physical traits gleaned from photographs is covered under the BIPA, just as information derived from an in-person facial scan would be. The court’s ruling, which follows similar cases, is the latest to block a potential litigation escape route for companies using facial-recognition technology.

Rivera said in her complaint that she does not have a Google Photos account, and that photos of herself that were taken by another person were subsequently uploaded to the service.

The plaintiff alleges that Google scanned these photos, extracted “geometric data relating to the contours of her face and the distances between her eyes, nose, and ears,” and generated a template of her face.

Meanwhile, Weiss said in his complaint that he uploaded 21 photos of himself to his Google Photos account, and that Google obtained data from those images to generate a faceprint of him.

However, the law specifically excludes “photos” from the definition of “biometric identifiers”, and excludes data taken from photos from its definition of “biometric information.”

Based on these exclusions, Google argued the case should be dismissed because Illinois lawmakers did not intend to regulate faceprints that were created from photos.

Judge Chang disagreed with Google’s position, ruling that BIPA covers “scans of facial geometry” despite how they are generated.

“The bottom line is that a ‘biometric identifier’ is not the underlying medium itself, or a way of taking measurements, but instead is a set of measurements of a specified physical component (eye, finger, voice, hand, face) used to identify a person,” he wrote in his ruling.

Google said this questions whether BIPA covers faceprints generated from photos should be decided by the Seventh Circuit Court of Appeals.

“If the Seventh Circuit agrees with Google’s reading of BIPA, that will be the end of the case,” Google said in its motion.

The company also stated that even if the appeals court asserts Chang’s ruling, an appellate decision “may clarify the meaning of ‘biometric identifier’ in a manner that focuses discovery and trial preparation, and therefore helps the parties and the court resolve this litigation as efficiently as possible.”

The Google case, along with other lawsuits against Facebook, Shutterfly and Snapchat, could lead the Illinois General Assembly to revisit a 2016 bill to exempt biometric information obtained from photographs from being covered by BIPA protections.

The plaintiffs’ lawyers are expected to respond to Google’s motion by March 30.

Article Topics

biometrics  |  BIPA  |  facial recognition  |  Google  |  lawsuit  |  privacy