BIPA suit against X Corp. killed as judge hashes out ‘biometric identifiers’

The question of whether photos collected by social media sites constitute biometric data has another answer, this one from an Illinois federal judge – and it is a no. Law360 reports that U.S. District Judge Sunil R. Harjani threw out a proposed class action suit alleging that the social network X, which devolved from Twitter, violated the state’s Biometric Information Privacy Act (BIPA) act in using software to scan for offensive images.
The judge says the lead plaintiff, Chicago resident Mark Martell, did not provide proof of facial geometry scanning, and “failed to allege that the tool can be used to identify specific individuals.”
The tool in question is the PhotoDNA software developed by Microsoft. It analyzes uploaded user photos and stores biometric data of individuals in the photos to determine if they contain nudity or pornographic content. Martell alleged X used the tool “without first making certain disclosures and securing written, informed permission,” as required under BIPA.
Harjani’s ruling against the plaintiff echoes the recent BIPA case that saw Facebook exonerated of allegations it had illegally collected users’ biometric data with its “Tag Suggestions” feature. In both cases, it was determined that a “hash” or face signature – a unique digital signature generated from a photograph, which consists of a number based on the shading of geometric divisions of an image – does not qualify as a scan of facial geometry, and therefore does not violate BIPA on the grounds Martell alleges.
“While plaintiff alleged that PhotoDNA scanned the photo to create a unique hash,” Haranji’s decision says, “plaintiff did not allege facts indicating that the hash is a scan of face geometry, as opposed to merely a record of the photo.” The allegations, he says, “leave open the question of whether the hash is a unique representation of the entire photo or specific to the faces of the people in the picture.”
In other words, Martell assumed that the PhotoDNA tool involved the scanning of face geometry – but, according to the courts, was wrong. That, plus the fact that it was not shown to be used to identify specific individuals, but rather do something more akin to object detection, put the final spike in Martell’s suit.
BIPA defines a “biometric identifier” as “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.” It does not cover photographs, to limit what would be an impossibly broad scope.
“[If] the court were to read BIPA as applying to any retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry without those items actually identifying an individual, it would contravene the very purpose of BIPA,” Judge Haranji argues. “If a face geometry scan could not identify an individual, how could a business provide the individual with notice and obtain their consent?”
BIPA’s private right of action, which allows users to sue violators for damages, has proven to be a major stumbling block for noncompliant biometrics companies.
Article Topics
biometric data | biometric identifiers | Biometric Information Privacy Act (BIPA) | data privacy | face biometrics | lawsuits | Microsoft | social media | X (twitter)
Comments