Macy's must face privacy claims stemming from allegations that it purchased access to a facial-recognition database from Clearview AI, a federal judge has ruled.
The decision, issued last
week by U.S. District Court Judge Sharon Johnson Coleman in the Northern District of Illinois, allows consumers to proceed with a class-action complaint accusing the department store of violating an
Illinois biometric privacy law, as well as claims that the company violated privacy laws in California and New York.
The ruling stems from a lawsuit initially filed in 2020 against Clearview,
and amended last year to include Clearview's alleged clients, including Macy's. The retailer allegedly drew on the faceprint database as part of an initiative to combat shoplifting.
Clearview
came to public attention in January of 2020, when The New York Times reported
that the company scraped billions of photos from Twitter, Facebook and other companies, used technology to create a faceprint database, then sold access to that database to police departments across
the country.
It emerged in subsequent reports that Clearview also sold access to other
government officials and private company's -- including, allegedly, Macy's.
The consumers suing Macy's allege that the retailer violated an Illinois biometric privacy law that requires
companies to obtain state residents' consent before collecting and storing scans of their facial geometry.
Consumers also allege that Macy's violated various laws in New York and California --
including laws in both states that give residents the right to control the commercial use of their images, and a provision in California's constitution that gives residents a broad right to
privacy.
Macy's urged Coleman to dismiss the claims at an early stage of the case, arguing that none of the consumers who sued could show how they were injured by Macy's alleged purchase of
the information.
The judge rejected that argument, writing in a 12-page decision that the alleged violations of the Illinois law, if proven true, were sufficient to establish that the store
caused a “concrete harm” of violating residents' privacy interests in biometric data.
Coleman also rejected Macy's arguments that the allegations, even if proven true, wouldn't
show that it violated New York or California laws by misappropriating people's images for commercial purposes.
She ruled that the allegation that Macy's used “photographs and likeness
without authorization for commercial gain via Macy’s loss prevention business model” could (if proven true) establish that the company misappropriated images of New York and California
residents.
The judge also found that the allegation that the retailer used people's biometric data without their consent (if proven true), could establish that the company violated California
resident's constitutional right to privacy.
“Construing the allegations in plaintiffs’ favor, they have adequately stated that Macy’s conduct constituted a serious invasion
of their information privacy,” she wrote. “Biometric information, by its very nature, is sensitive and confidential.”
Clearview is also facing a class-action complaint in
Illinois, and an action by in Vermont by the state attorney general.
Company founder Hoan Ton-That has previously said through a spokesperson that Clearview has helped law enforcement solve
“heinous crimes against children, seniors and other victims of unscrupulous acts.”
The company is arguing in the Illinois lawsuit that it has a constitutional right to collect and
use public photographs that appear online.
Clearview's argument has been endorsed by some First Amendment experts, including Eugene Volokh, UCLA law professor and founder of the blog Volokh
Conspiracy.
Volokh and others argued in a friend-of-the-court brief filed in July with Johnson that the state's biometric privacy law conflicts with free speech rights by restricting how
companies can use information that's already viewable by the public.