Two Chicago siblings are asking a
federal appellate court to revive their class-action lawsuit accusing Take-Two Interactive Software of violating an Illinois privacy law by collecting faceprints of video game players.
Vanessa
and Ricardo Vigil argue in papers filed this week that Take-Two's alleged violations of the Illinois Biometric Information Privacy Act caused the kind of concrete harm that justifies a lawsuit.
"Take-Two’s practices violate both the core object of [the biometric privacy law] and each of the statute’s procedural requirements, compromising and creating material risk of harm to
the privacy of the Vigils and the putative class members," they say in a brief filed with the 2nd Circuit Court of Appeals.
The battle dates to October 2015, when the Vigils filed suit over
the facial-scanning technology used in the game NBA 2K15. The Vigils alleged that game used their facial scans -- which were captured by the platform's camera -- in order to create avatars that
resembled them.
advertisement
advertisement
The Vigils claimed in a class-action complaint that Take-Two violated the Illinois Biometric Information Privacy Act -- a 2008 law that requires companies to obtain written
releases from people before collecting biometric data like “face geometry,” and obligates companies to notify people about biometric data collection and publish a schedule for destroying
the information.
Take-Two argued that the case should be dismissed on the grounds that the Vigils didn't suffer any concrete injury as a result of any alleged violations of the Illinois
law.
U.S. District Court Judge John Koeltl in New York agreed with the company.
"There is no allegation that Take-Two has disseminated or sold the plaintiffs’ biometric data to
third parties, or that Take-Two has used the plaintiffs’ biometric information in any way not contemplated," Koeltl wrote in a ruling issued earlier this year.
He added that the Vigils
agreed to the game's terms and conditions, and that the game's scanning feature worked as intended.
The Vigils said they were at an "enhanced risk of harm" in the future because their
faceprints were now in Take-Two's possession. But Koeltl said that possibility was too speculative to warrant a lawsuit.
The consumers are now asking the 2nd Circuit to reverse that decision.
Among other arguments, they say that they can proceed because the Illinois statute confers on residents a "concrete interest in maintaining privacy over this sensitive biometric data."
The
argument over whether the Vigils allegedly suffered a "concrete" injury stems from the Supreme Court's 2016 decision in a separate lawsuit brought by Virginia resident Thomas Robins against online
data aggregator Spokeo. Robins alleged in that matter that Spokeo violated the federal Fair Credit Reporting Act by displaying incorrect information about him.
The Supreme Court said last year Robins could only proceed with his case if he could prove that
any errors resulted in a "concrete" injury.
Since that ruling came out, judges around the country have struggled to determine what kind of injury is "concrete." Rulings have been mixed, but
some judges have said that consumers can still sue companies for allegedly violating laws regarding robocalling and robotexting.
The Vigils call attention in their new legal papers to those
decisions. "If the receipt of an unsolicited phone call is invasive enough to constitute a concrete harm, then having one’s sensitive biological data taken without authorization surely is as
well," they argue.
Take-Two is expected to file its response by next month.
Google and Facebook face separate lawsuit accusing them of also violating the Illinois biometrics privacy
law.