Facebook has agreed to pay $550 million to settle a class-action lawsuit alleging that it violated Illinois state law by using facial recognition technology without users’ consent. The settlement is one of the largest ever paid in a privacy-related case and covers an estimated six million Facebook users in Illinois who affect by the company’s use of facial recognition technology.
Background of the Lawsuit
The lawsuit, which filed in 2015, accused Facebook of violating the Biometric Information Privacy Act (BIPA) by using facial recognition technology to scan users’ faces without their consent. BIPA requires companies to obtain written consent from individuals before collecting and storing their biometric information, such as facial scans. The lawsuit claimed that Facebook had violated this law by automatically scanning users’ faces and creating facial templates without their consent.
Settlement Agreement and Implications
Facebook’s decision to pay the $550 million settlement shows that companies can be held accountable for violating privacy laws related to biometric data. Going forward, companies will need to be transparent about their use of biometric data, obtain explicit consent from individuals before collecting and storing this sensitive information, and implement strong security measures to protect this data from theft or misuse.
The Illinois law in question, the Biometric Information Privacy Act, requires companies collecting biometric data to establish written policies detailing how long they intend to keep it, along with “guidelines for permanently destroying biometric identifiers and biometric information.” The settlement also includes injunctive relief that will require Facebook to obtain full consent from Illinois consumers before any collection of their biometric information takes place.
Notably, the settlement still needs to approve by the district court. Additionally, Facebook is facing further legal challenges related to privacy violations, including the recent Clearview AI scandal where the facial recognition app scraped the social media platform for billions of user photos. Facebook’s response to this issue remains to be seen.
Facebook’s recent settlement with Illinois users is just the latest in a string of privacy violations that the company has faced over the years. The company has been under scrutiny for its data collection practices, which include tracking users’ activity both on and off the platform, and sharing user data with third-party companies.
Some of the notable privacy scandals that Facebook has faced in recent years include:
- Cambridge Analytica Scandal: In 2018, it reveal that political consulting firm Cambridge Analytica had harvested data from millions of Facebook users without their consent. This data reportedly used to influence the 2016 U.S. presidential election.
- FTC Settlement: In 2019, Facebook agreed to pay a $5 billion fine to settle a Federal Trade Commission (FTC) investigation into the company’s privacy practices. The investigation launched in the wake of the Cambridge Analytica scandal.
- Data Breaches: Facebook has experienced several high-profile data breaches in recent years, including a breach in 2018 that exposed the personal data of nearly 30 million users.
Facebook’s Response to Privacy Violations
Despite the numerous privacy violations that Facebook face, the company has criticize for its slow and inadequate response to these issues. Critics argue that Facebook has not done enough to protect users’ privacy, and that the company has been more focused on protecting its bottom line than on protecting its users’ data.
In response to the Illinois lawsuit, a Facebook spokesperson stated that the company continues to believe that the case has no merit and that it will defend itself vigorously. However, the $550 million settlement suggests that the company is willing to pay a significant sum to avoid further legal action.
Moving Forward: The Future of Privacy Regulations
The Illinois Biometric Information Privacy Act is one of the strongest privacy laws in the United States, but many other states and countries are beginning to implement similar regulations. The European Union’s General Data Protection Regulation (GDPR), for example, requires companies to obtain explicit consent from users before collecting their data and to provide users with greater control over their personal information.
As more states and countries implement these types of privacy regulations, companies like Facebook will need to adapt their data collection and sharing practices to ensure that they are in compliance with these laws. Failure to do so could result in significant legal and financial consequences for these companies.
