Commentary

Facebook Should Face Privacy Suit Over Faceprints, ACLU Argues

Before news about Cambridge Analytica became one of Facebook's biggest headaches, the company was dealing with an entirely different privacy controversy -- its own use of photos to create a database matching people's names with their faces.

In 2015, Illinois residents alleged in a class-action complaint that Facebook's faceprint database violated a state law regulating the collection and use of biometric data. That 10-year-old law -- one of the strongest privacy laws in the country -- requires companies to obtain written releases from people before collecting “face geometry” and other biometric data.

The battle centers on Facebook's photo-tagging function, which recognizes users' faces and suggests their names when they appear in photos uploaded by their friends. To accomplish this, the social networking service draws on its vast trove of users' photos.

advertisement

advertisement

A trial judge ruled earlier this year that the Illinois residents can proceed with their lawsuit. Facebook is currently appealing that decision to the 9th Circuit Court of Appeals, where the company argues that the consumers shouldn't be able to move forward because they weren't injured by the alleged practices.

Facebook has drawn support from other groups, including Silicon Valley's Internet Association, which warned that a ruling against Facebook could discourage companies from developing new technologies -- including ones that allow people to unlock smartphones without a password, or assist with medical research.

But this week, a host of privacy advocates and civil liberties groups urged the 9th Circuit to side with the Illinois residents who are suing.

“Without reasonable limits, biometric technologies enable corporations and law enforcement to pervasively track people’s movements and activities in public and private spaces, and risk exposing people to forms of identity theft that are particularly hard to remedy,” the ACLU, Electronic Frontier Foundation, Center for Democracy & Technology and others write in a friend-of-the-court brief.

The organizations note host of different types of organizations -- retailers, churches, schools and banks -- have started using facial recognition technology and other types of biometric technology in the 10 years since Illinois lawmakers passed the landmark Biometric Information Privacy Act.

They argue that the Illinois law is the only protection against “pervasive invasions of privacy through surreptitious surveillance technologies,” and that people must be able to enforce that law through lawsuits.

“Without the legal protections afforded by BIPA, people cannot control the dissemination of their biometric information and cannot know if information collected for one purpose is sold, traded, or used for another,” the organizations write. “As biometric technologies become increasingly prevalent in everyday life, the modest safeguards contemplated by the Illinois legislature more than a decade ago are even more essential to protect personal privacy.”

Next story loading loading..