On February 27, 2017, an Illinois federal court denied Google’s motion to dismiss a claim alleging that Google handles images in violation of the Illinois 2008 Biometric Information Privacy Act (BIPA).
In a (putative) class action against Google Photos, plaintiffs alleged that the service collects, stores and uses- without informed consent and in violation of BIPA – the “users’ biometric identifiers and biometric information”.
The BIPA forbids the unauthorized collection and storing of some types of biometric data and requires companies to obtain consent before “disclosing” the individual’s biometric information. Plaintiffs argued that Google took a scan of their facial geometry without consent.
Google moved to dismiss the claims, arguing that the BIPA only applies to digital scans of real faces while face-scan measurements derived from a photograph would not qualify as biometric identifiers. In other words, only face scans that are done in person can qualify as biometric identifiers.
In denying the motion to dismiss, the court reasoned that the “face templates” (as Plaintiffs called them) generated by Google do qualify as a biometric identifier under the BIPA. For each face template, Google creates a set of biology-based measurements (“biometric”) that is used to identify a person (“identifier”). More importantly, a face template is one of the specified biometric identifiers in the BIPA, namely, a “scan of … face geometry.” 740 ILCS 14/10.
If the court issues a decision on the merit, and other courts take the same position, tech companies (like Facebook and Google Photo) will need to notify users about collection and retention of facial geometry, also if gained through pictures.
Rivera v. Google Inc., 2017 U.S. Dist. LEXIS 27276 (N.D. Ill. Feb. 27, 2017) is available (with subscription) on https://advance.lexis.com
More on privacy issues in biometric is available at http://www.technethics.com…
For more information on privacy issues, contact Francesca Giannoni-Crystal.