For years, Facebook has been fighting a potentially devastating lawsuit on the grounds that its collection and storage of biometric data (namely, face data) on Illinois residents violates that state’s privacy laws, and now it looks as if that case can proceed as a class action.
The suit began in 2015, when Illinois users accused Facebook of violating their state’s Biometric Information Privacy Act by using facial recognition technology to suggest friends tag you in all those unflattering photos. The case slowly made its way through the courts before ending up in the 9th U.S. Circuit Court of Appeals, which has jurisdiction over Facebook’s home in Menlo Park, California.
On Thursday, by a 3-0 decision, that court rejected Facebook’s effort to ward off a class-action lawsuit, which Reuters reports could open up Facebook to billions of dollars in potential damages to the Illinois users who brought the case. Under Illinois’s biometric privacy law, each user affected by Facebook’s unlawful collection could be entitled to damages of $1,000 for each negligent violation and $5,000 for each intentional or reckless violation.
While Facebook could appeal this decision to the U.S. Supreme Court, the case is now back in the hands of U.S. District Judge James Donato in San Francisco, who certified a class action in April 2018. Barring a further appeal, the company could go to trial over misuse of biometric data. That could end up being a big financial hit for the company, which just paid a record $5 billion fine to settle a Federal Trade Commission data-privacy probe.
“This decision is a strong recognition of the dangers of unfettered use of face surveillance technology,” said Nathan Freed Wessler, staff attorney with the ACLU Speech, Privacy, and Technology Project. “The capability to instantaneously identify and track people based on their faces raises chilling potential for privacy violations at an unprecedented scale. Both corporations and the government are now on notice that this technology poses unique risks to people’s privacy and safety.”
We reached out to Facebook for comment.