Facebook Inc. last week said it had agreed to pay $550 million to people in Illinois to settle claims the social-media giant had violated their privacy rights. The class-action lawsuit focused on
Facebook's use of facial recognition technology.
It's advisable for publishers to review whether they are exposed to any similar legal liability.
The difficulty is that
biometric data -- which includes information about fingerprints and face scans -- covers a broad range of personal information. Illinois' Biometric Information Privacy Act (BIPA) may be applied in
unforeseen ways. It may be relevant to publishers that allow readers to create online profiles that include personal photos.
For example, The Wall Street Journal
subscribers upload a picture and digitally transform it
into the stipple style used by its reporters. The newspaper provides disclosures over
how that photo will be used.
"We will not use your photo or portrait to personally identify you or give your photos to others," the disclosure says. It deletes the photo after
three weeks and the stippled picture after one week. That seems like a good policy and reduces the likelihood the photographic information can be abused somehow.
data is more sensitive than other kinds of information, like a credit-card number, which can be canceled when a cardholder sees suspicious activity. A fingerprint can remain basically unchanged
throughout a lifetime -- there is no canceling it.
Facebook's $550 million settlement likely will invite other lawyers to mine similar riches by suing companies that use
biometric data in some way. The class-action attorneys who went after Facebook issued a press release crowing over their settlement.
I expect they will be in high demand to go after other
companies -- and publishers should do what they can to avoid being targeted.