A federal district court denies Facebook's request to dismiss a case that alleges that the social media giant violated Illinois biometric privacy laws with its photo-tagging feature.
Facebook F8: AI, Future Of Apps On Display
(Click image for larger view and slideshow.)
Facebook has lost the first round in a legal fight that alleges that the social media giant's photo tagging violates privacy rights.
A US District Judge James Denato said on Thursday that plaintiffs Nimesh Patel, Adam Pezen, and Carlo Licata can move forward in their Facebook biometric information privacy lawsuit. Although the plaintiffs are Illinois residents who filed in Illinois, all parties in the case agreed to transfer the case to the US District Court of Northern District of California, according to court documents. Donato denied Facebook's request to dismiss the case and set a case management conference for June 15.
The lawsuit, filed in 2015, argued that Facebook "amassed users' biometric data secretly and without consent," according to a PDF of court documents obtained by InformationWeek. The parties specifically cited Facebook's use of its Tag Suggestions program, in which users can upload photos to their Facebook account and tag the photos with an individual's identity.
According to the lawsuit, the parties filed their class action lawsuit under the Illinois Biometric Information Privacy Act (BIPA ). Facebook had argued that the plaintiffs had signed a user agreement that stipulated California state laws would govern the agreement. But Donato ruled the contractual choice of law would not apply.
In his ruling, he stated:
It is equally undeniable that enforcing the contractual choice of California law would be contrary to this policy in the starkest way possible. Facebook tries to downplay the conflict as merely the loss of a claim. But if California law is applied, the Illinois policy of protecting its citizens' privacy interests in their biometric data, especially in the context of dealing with "major national corporations" like Facebook, would be written out of existence. That is the essence of a choice-of-law conflict. The conflict is all the more pronounced because California has no law or policy equivalent to BIPA. Unlike Illinois, California has not legislatively recognized a right to privacy in personal biometric data and has not implemented any specific protections for that right or afforded a private cause of action to enforce violations of it.
Illinois' greater interest in the outcome of this BIPA dispute is also readily apparent. The fundamental question on this point is "which state, in the circumstances presented, will suffer greater impairment of its policies if the other state's law is applied." The answer here could not be clearer. Illinois will suffer a complete negation of its biometric privacy protections for its citizens if California law is applied. Facebook makes the implausible argument that California has the superior interest of needing to provide "certainty and predictability to technology companies like Facebook" by "enforcing choice-of-law provisions." This makes little sense.
[Editor's note: References to specific document numbers and case numbers in the above quote have been omitted for easier reading.]
The judge added that, while California has a significant interest in enforcing contracts executed by its citizens and businesses, Illinois in this particular case has a "case-specific interest" in protecting its residents from losing statutory protections.
Although the judge noted that further facts in the case may emerge that could affect the plaintiff's BIPA claims, for now the court accepts their allegations that Facebook's face recognition technology involves scanning a person's face geometry and does it without the plaintiff's consent.
The plaintiffs are seeking a jury trial and $75,000 in damages.
Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.