New biometrics privacy lawsuits filed against video sharing and loss prevention systems
A class-action suit has been filed against video sharing platform Vimeo over the use of biometric facial recognition in its Magisto app, which Vimeo acquired earlier this year, the Cook County Record reports.
According to the complaint, Magisto is used to edit and upload videos and photos, all of which are scanned to identify those who appear in them with biometrics. The biometric templates are then used to match content with other content featuring the same people. Magisto performs the same analysis for users and non-users, and does not comply with the informed consent requirements of Illinois’ Biometric Information Privacy Act (BIPA).
The potential class in the suit could include all Illinois residents appearing in photos and videos uploaded to Magisto.
Most BIPA suits are filed by employees over time and attendance systems, while a suit against Facebook over its “face tagging” feature is probably the closest equivalent. Facebook was recently denied a motion to dismiss the case on ground of inadequate standing, and to prevent the action from proceeding as a class action.
Restrictions on the use of biometric data may be spreading to other states as well, as the California Consumer Protection Act (CCPA) is borrowed from, at least in part, by legislation introduced in at least a dozen other states, according to an editorial by a pair of solicitors at Fisher Phillips for Law.com. CCPA specifically includes biometric data among sensitive information that requires disclosure to the subject for collection.
“Privacy laws are slowly and steadily making advancements in the protection of individual rights, and catching up with current technology,” Lawyers Risa B. Boerner and Jeffrey M. Csercsevits conclude. “Employers would do well to take note of these advancements, monitor the status of pending privacy legislation, and adjust their practices and procedures accordingly.”
More BIPA cases
The number of private actions under BIPA alleging violations of the informed consent requirements for biometric time and attendance systems continues to mount, with Four Seasons Heating & Air Conditioning among the latest to be named by a former employee, according to the Cook County Record. The wording of the report seems to suggest that authorization and notifications were provided, but only after biometric data had been collected and analyzed, which could present a new wrinkle in BIPA case law.
Nep Electronics allegedly violated the notice and consent statutes of BIPA, and shared biometric data with third party vendors for timekeeping, data storage, and payroll purposes, Top Class Actions reports.
Suits have also been filed against Lowes in Cook County Circuit Court and against Home Depot in an Atlanta federal court, with both alleging the use of facial recognition on the retailers’ loss prevention security camera systems, the Cook Country Record reports. The two suits were filed simultaneously and are virtually identical, according to the Record, claiming the stores “surreptitiously attempt to collect the faceprint of every person who appears in front of one of their facial-recognition cameras.”
If the claims are true, the practice likely violated BIPA’s informed consent requirements. A co-defendant “John Doe” is named in the suits as a third-party recipient of biometric data.
The same plaintiffs are named in both actions, and claim to be Illinois residents who have shopped at the defendants Illinois locations.
Like the Vimeo and Facebook suits, the potential class is quite large, potentially including hundreds of thousands of plaintiffs or more.