Impact of Facebook $650 million Patel BIPA settlement
By David J. Oberly, Biometric Privacy & Data Privacy Attorney
The original $550 million figure and Judge Donato’s response
In early 2020, Facebook made headlines when it agreed to pay $550 million to settle its longstanding Biometric Information Privacy Act (BIPA) dispute in Patel v. Facebook, Inc., No. 3:15-cv-03747 (N.D. Cal.), relating to the use of its facial recognition “tag suggestions” feature.
Despite the fact that in absolute monetary terms, the $550 million figure dwarfed all previous BIPA settlements before it, in June U.S. District Court Judge James Donato rejected the parties’ proposed settlement terms. In doing so, the Judge voiced his concerns with a number of aspects of the agreement, and two in particular.
First, Judge Donato took issue with the monetary aspect of the settlement terms and—more specifically— the agreement’s “unduly steep” discount on statutory damages under BIPA and the failure to account for BIPA’s enhanced damages of $5,000 for reckless violations.
Second, Judge Donato also took issue with the remedial aspect of the agreement, which did not propose that Facebook implement any new practices to better protect its users’ biometric privacy rights, despite the fact that it had recently been forced to enter into a consent decree with the FTC to revamp its data privacy practices as a result of the social media company’s improper use of consumers’ personal information.
As such, Judge Donato denied the parties’ motion for preliminary approval of the settlement.
Facebook’s revised settlement terms and subsequent approval
After the original proposed settlement rejected, Facebook made several modifications to the terms of its settlement to directly address the court’s concerns.
After holding a second hearing featuring live testimony from Facebook’s facial recognition product team, Judge Donato approved Facebook’s revised settlement terms, finding that Facebook had adequately remedied both of the primary deficiencies that doomed Facebook’s original offer.
With respect to the monetary aspect of the agreement, the Judge noted that the $100 million increase in the settlement fund substantially allayed the court’s concern about the potential inadequacy of payments to class members in light of BIPA’s statutory penalties.
Likewise, the Judge also found the enhanced remedial, prospective relief offered by Facebook remedied the problems that existed with respect to the other primary deficiency of the original agreement. In particular, the Judge noted that Facebook had agreed that its facial recognition setting would be changed to a default “opt-in” basis globally, which the Judge characterized as a “meaningful” remedy that would confer a benefit to the class.
As a result of the improvements made by Facebook in its updated offer, the court signed off on the litigants’ revised proposed settlement agreement.
While most observers only saw the jump in Facebook’s monetary settlement offer from $550 million to $650 million, that was only one piece of the puzzle that led the court to approving Facebook’s revised settlement terms.
In addition to the increase in settlement funds, the court also found significant the fact that Facebook also agreed to take proactive remedial measures to improve its biometric privacy practices, which the court felt was necessary—especially in light of the fact that Facebook’s problematic data privacy practices had previously led the social media giant to enter into a consent decree with the FTC.
The Facebook Patel BIPA settlement is a significant development in the area of biometric privacy for several reasons. First, plaintiff’s attorneys have obviously set their sights on BIPA as the next class action cash cow, primarily due to the high damages figures and low bar for establishing liability that is presented by Illinois’s biometric privacy law. The Illinois Supreme Court’s decision in Rosenbach has led to a feeding frenzy of BIPA class action filings since early 2019, and the eye-popping $650 million Facebook agreed to pay to resolve the Patel litigation will only give plaintiffs’ attorneys even more incentive to pursue BIPA class litigation, even where no actual or injury has taken place, moving forward.
Importantly, even though the Facebook Patel litigation is anything but reflective of a typical BIPA dispute, plaintiff’s attorneys will almost certainly use this settlement figure as a yardstick to value other settlements, driving up settlement values and making it substantially harder for smaller entities to resolve BIPA litigation for a reasonable price.
In addition, the Patel Facebook settlement is also noteworthy because it indicates that courts may scrutinize the terms of proposed BIPA settlements more closely as compared to other types of class litigation. As the Illinois Supreme Court noted in Rosenbach, subjecting companies that fail to follow BIPA’s requirements to substantial liability—including liquidated damages, attorneys, fees, and litigation expenses for each violation of the law—was one of the principal means that the Illinois legislature adopted to achieve BIPA’s objective of protecting individuals’ biometric data. See Rosenbach, 432 Ill. Dec. at 663. Judge Donato’s rejection of the initial $550 million offer indicates that courts may take a much harder look at settlement claims rates before approving proposed class settlements in BIPA cases to further this purpose of the Illinois law.
At the same time, the events underlying the Patel settlement may also prompt judges to scrutinize proposed settlements more rigorously in other types of privacy and data breach class action litigation as well.
Ultimately, the Patel settlement may lead to significantly increased settlement figures in class action statutory damages cases, which have traditionally garnered much lower figures as compared to those disputes where actual harm or injury is involved.
About the author
David J. Oberly is an attorney in the Cincinnati office of Squire Patton Boggs LLP and is a member of the firm’s global Data Privacy, Cybersecurity, and Digital Assets Practice. David serves as the go-to legal advisor for companies that utilize biometrics in their operations—counseling clients on the full range of legal and regulatory compliance obligations applicable today and helping companies navigate the ever-evolving biometric privacy legal landscape to ensure compliance and mitigate risk. David also has extensive experience and expertise in defending companies across all industries in high-stakes, high-exposure biometric privacy class action litigation—and BIPA class actions in particular. In addition, David also advises companies on a broad range of other privacy, security, and data protection issues that arise while operating in today’s highly-digital world. He can be reached at firstname.lastname@example.org.
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.
biometric data | biometrics | BIPA | data protection | Facebook | facial recognition | lawsuit | legislation | privacy