• by Wendy Davis  @wendyndavis, January 31, 2022

Macy's must face privacy claims stemming from allegations that it purchased access to a facial-recognition database from Clearview AI, a federal judge has ruled.

The decision, issued last week by U.S. District Court Judge Sharon Johnson Coleman in the Northern District of Illinois, allows consumers to proceed with a class-action complaint accusing the department store of violating an Illinois biometric privacy law, as well as claims that the company violated privacy laws in California and New York.

The ruling stems from a lawsuit initially filed in 2020 against Clearview, and amended last year to include Clearview's alleged clients, including Macy's. The retailer allegedly drew on the faceprint database as part of an initiative to combat shoplifting.

Clearview came to public attention in January of 2020, when The New York Times reported that the company scraped billions of photos from Twitter, Facebook and other companies, used technology to create a faceprint database, then sold access to that database to police departments across the country.

It emerged in subsequent reports that Clearview also sold access to other government officials and private company's -- including, allegedly, Macy's.

The consumers suing Macy's allege that the retailer violated an Illinois biometric privacy law that requires companies to obtain state residents' consent before collecting and storing scans of their facial geometry.

Consumers also allege that Macy's violated various laws in New York and California -- including laws in both states that give residents the right to control the commercial use of their images, and a provision in California's constitution that gives residents a broad right to privacy.

Macy's urged Coleman to dismiss the claims at an early stage of the case, arguing that none of the consumers who sued could show how they were injured by Macy's alleged purchase of the information.

The judge rejected that argument, writing in a 12-page decision that the alleged violations of the Illinois law, if proven true, were sufficient to establish that the store caused a “concrete harm” of violating residents' privacy interests in biometric data.

Coleman also rejected Macy's arguments that the allegations, even if proven true, wouldn't show that it violated New York or California laws by misappropriating people's images for commercial purposes.

She ruled that the allegation that Macy's used “photographs and likeness without authorization for commercial gain via Macy’s loss prevention business model” could (if proven true) establish that the company misappropriated images of New York and California residents.

The judge also found that the allegation that the retailer used people's biometric data without their consent (if proven true), could establish that the company violated California resident's constitutional right to privacy.

“Construing the allegations in plaintiffs’ favor, they have adequately stated that Macy’s conduct constituted a serious invasion of their information privacy,” she wrote. “Biometric information, by its very nature, is sensitive and confidential.”

Clearview is also facing a class-action complaint in Illinois, and an action by in Vermont by the state attorney general.

Company founder Hoan Ton-That has previously said through a spokesperson that Clearview has helped law enforcement solve “heinous crimes against children, seniors and other victims of unscrupulous acts.”

The company is arguing in the Illinois lawsuit that it has a constitutional right to collect and use public photographs that appear online.

Clearview's argument has been endorsed by some First Amendment experts, including Eugene Volokh, UCLA law professor and founder of the blog Volokh Conspiracy.

Volokh and others argued in a friend-of-the-court brief filed in July with Johnson that the state's biometric privacy law conflicts with free speech rights by restricting how companies can use information that's already viewable by the public.