Lawsuit alleges biometric privacy violations from face recognition algorithm training
Allegations that the Ever cloud photo service violated Illinois’ stringent biometric data privacy regulations have made Paravision the latest biometrics provider to face a civil suit under the statute.
Illinois resident Lynette Walton claims in a suit filed in California federal court that she used the Ever photo storage service, and the company used her images to train its facial recognition algorithms. The plaintiff is seeking class actions status, and the maximum damages of $5,000 per violation plus attorney’s fees.
The suit is filed in California federal court presumably because Paravision does not have offices or specifically market its service to people in Illinois, making it unlikely that state court would have jurisdiction, based on precedence.
The plaintiff alleges that she began using the service in 2017, and that the company profited from biometric processing of her images, through training its algorithm, without meeting BIPA’s informed consent requirements. These allegations are behind the plaintiff’s three related claims of statutory violations.
The suit is striking in its similarity to the series of suits alleging BIPA violations by tech giants and one biometrics-focused company, FaceFirst, in the course of their use of a dataset created to reduce or eliminate bias in facial recognition. It is not yet clear if BIPA applies to algorithm training (even if Paravision did use the plaintiff’s images to do so, which is unproven), because individuals are not identified during the process.
Google’s recent motion to dismiss the suit against it on the grounds that any alleged actions in violation of BIPA did not occur in Illinois could also apply to Paravision.
David Oberly of Blank Rome’s new Biometric Privacy Team recently wrote in a Biometric Update guest post that with the legal landscape around facial recognition shifting rapidly, there are some pro-active steps companies can take to limit their risk of legal exposure.