Details of the Facebook facial recognition lawsuit
The class action suit involving facial recognition technology hinges on the court’s interpretation of landmark facial recognition legislation, the Illinois Biometric Information Privacy Act (BIPA), which went into effect in 2008 – several years before Facebook began using facial recognition technology to create the “tag suggestions” feature for photos uploaded to the social media platform. Facebook officially launched its facial recognition technology back in 2011, and the court case has been limited to possible privacy violations that might have taken place in the period from 2011 to 2015. The case alleges that Facebook illegally collected and stored biometric data, representing a violation of an individual’s private affairs and concrete interests.
Since 2015, the case has been working its way through America’s sometimes convoluted legal system, and the next step had been the certification of an official “class” of plaintiffs who could formally bring the class action lawsuit against Facebook. The Silicon Valley giant, as might be expected, has been fighting this case vigorously for the past several years, arguing that a class action lawsuit was not possible in this case. Instead, said Facebook, individuals would have to bring their case on a one-by-one basis instead of challenging the tech company as part of a certified class of plaintiffs.
So, it was big news when the Ninth U.S. Circuit Court of Appeals ruled that, indeed, there was a class of plaintiffs who could formally bring the case against Facebook. As the federal appeals court ruled, this class consists of “Facebook users in Illinois for whom Facebook created and stored a face template after June 7, 2011.” The limitation of this class to Illinois is important because Illinois is the state where the BIPA went into effect. But even limiting the plaintiffs to Illinois – one of America’s most populous states – is not going to help Facebook much, because the total number of those impacted within the state could be close to 7 million users. (By way of comparison, the city of Chicago in Illinois currently has a population of 2.7 million).
Before you continue reading, how about a follow on LinkedIn?
Penalties could amount to billions of dollars
As the lawyers are going to argue Facebook is in violation of BIPA, and that would trigger some rather severe penalties. For example, the official penalty is $1,000 for each negligent violation, and $5,000 for each intentional or reckless violation. Assuming that Facebook’s use of facial recognition technology was just misguided and negligent, and not intentional or reckless, then the reality is that Facebook could still stand to lose billions. All you have to do is some simple back-of-the-envelope calculations, and you can see the losses mounting quickly. Assuming that all 7 million Facebook users who are part of the class uploaded at least one photo to Facebook in the period from 2011-2015, and that’s 7 million x $1,000, or $7 billion. That’s assuming, of course, that there is only one violation per user. But what about Facebook users who used the social network daily, and uploaded hundreds of photos? The final size of the face recognition technology-related penalty for Facebook would be astronomical, in the tens of billions of dollars. In fact, such a severe violation of privacy using facial recognition technology might put Facebook out of business.
But what are the odds of that actually happening? After all, many legal observers didn’t think that the class action lawsuit had legs to stand on when it first started making its way through the courts. And, indeed, a similar challenge involving facial recognition technology brought against Google in 2018 ended up being dismissed by a court in Chicago. Facebook is still sounding positive about winning the case, telling the media that it has always fully disclosed its use of facial recognition technology, and that it has always given users the option of opting out of the technology.
Mounting privacy problems at Facebook
Clearly, social media giant Facebook is starting to experience a fundamental mind shift in the way the public and the courts view facial recognition technology. Facial recognition technology has transformed from something cute and novel – “Oh, look, Facebook has figured out that Uncle Bob is in my photo!” – to something rather sinister and disturbing. As the ACLU has pointed out, storing face templates is really creepy – much creepier than just storing social profiles of users. After all, as the ACLU noted, “You can’t change your face.” Once Facebook has created a face template for you, it has found a way to identify you wherever you go.
On top of this class action suit, the Federal Trade Commission (FTC) is hitting Facebook with fines. Currently pending approval by the U.S. Justice Department is a massive fine of $5 billion, the largest fine ever handed out by the FTC against a tech company. A huge fine stemming from violations of the Illinois Biometric Information Privacy Act that runs into the billions of dollars would represent a sort of “double whammy” for Facebook, in the form of back-to-back billion-dollar fines. And don’t forget about GDPR-related cases against Facebook over in Europe, any of which might result in tens of millions of dollars in new fines and penalties in 2019-2020.
#Facebook could be forced to pay out billions of dollars to users who had their ‘face templates’ used without consent. #privacy #respectdata
Click to Tweet
Going forward, it will be interesting to see how Facebook deals with what is shaping up to be an existential battle for its survival. After years in which it played fast and loose with users’ data and introduced new innovations like facial recognition technology specifically designed to obtain even more data from users, the game might finally be over for Facebook. For the Silicon Valley giant, it’s time to stop acting like a startup, and time to start acting like a global company with very real responsibilities towards its users.