ARTICLE
5 January 2016

Photo Storage Service's Collection Of Faceprints May Violate Illinois Biometric Privacy Statute

PR
Proskauer Rose LLP

Contributor

The world’s leading organizations and global players choose Proskauer to represent them when they need it the most. Our top tier team of star trial attorneys, acclaimed transactional lawyers and exceptionally talented partners and associates have earned a reputation for the relentless pursuit of perfection and a dauntless pursuit of success.
As we have previously noted, there are several ongoing privacy-related lawsuits alleging that facial recognition-based systems of photo tagging violate the Illinois Biometric Information Privacy Act.
United States Media, Telecoms, IT, Entertainment

As we have previously noted, there are several ongoing privacy-related lawsuits alleging that facial recognition-based systems of photo tagging violate the Illinois Biometric Information Privacy Act (BIPA). The photo storage service Shutterfly and the social network Facebook are both defending putative class action suits that, among other things, allege that such services created and stored faceprints without permission and in violation of BIPA. In the suit against Shutterfly, plaintiff claims he is not a registered Shutterfly user, but that a friend had uploaded group photos depicting him and, upon prompting, tagged him in the photo, thereby adding his faceprint to the database (plaintiff, as a non-member of the service, had never formally consented to this collection of biometric data). Shutterfly had filed a motion to dismiss, arguing that scans of face geometry derived from uploaded photographs are not "biometric identifiers" under BIPA because the statute excludes information derived from photographs.

Last week, an Illinois district court denied Shutterfly's motion to dismiss (Norberg v. Shutterfly, Inc., No. 15-05351 (N.D. Ill. Dec. 29, 2015)). In a terse order, the court first found that there were sufficient minimum contacts to establish specific personal jurisdiction over Shutterfly in the Illinois forum. Next, the court considered the claim under the Illinois biometric privacy law. Without engaging in a thorough analysis of the statute and its exceptions at this early stage in the litigation, the court ruled that the plaintiff could proceed with his claim under BIPA:

"Here, Plaintiff alleges that Defendants are using his personal face pattern to recognize and identify Plaintiff in photographs posted to Websites. Plaintiff avers that he is not now nor has he ever been a user of Websites, and that he was not presented with a written biometrics policy nor has he consented to have his biometric identifiers used by Defendants. As a result, the Court finds that Plaintiff has plausibly stated a claim for relief under the BIPA."

We will continue to closely watch the ongoing litigation surrounding biometric privacy – particularly since the specific Illinois biometric privacy statute has yet to be interpreted in great depth by a court with respect to facial recognition technology.

Photo Storage Service's Collection Of Faceprints May Violate Illinois Biometric Privacy Statute

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More