As we have previously written about, there are several ongoing biometric privacy-related lawsuits alleging that facial recognition-based systems of photo tagging violate the Illinois Biometric Information Privacy Act (BIPA).  Add one more to the list.  A Chicago resident brought a putative class action against Google for allegedly collecting, storing and using, without consent and in violation of BIPA, the faceprints of non-users of the Google Photos service, a cloud-based photo and video storage and organization app (Rivera v. Google, Inc., No. 16-02714 (N.D. Ill. filed Mar. 1, 2016)).

Under BIPA, an entity cannot collect, capture, purchase, or otherwise obtain a person’s “biometric identifier” or “biometric information,” unless it first:

(1) informs the subject in writing that a biometric identifier is being collected;

(2) informs the subject in writing of the specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used; and

(3) receives a written release executed by the subject.

The statute contains defined terms and limitations, and parties in other suits are currently litigating what “biometric identifiers” and “biometric information” mean under the statute and whether the collection of facial templates from uploaded photographs using sophisticated facial recognition technology fits within the ambit of the statute.

The statute also provides that entities in possession of certain collected biometric data post a written policy establishing a retention schedule and guidelines for deleting data when the initial purpose for collection has been satisfied.  Notably, BIPA provides for a private right of action, and potential awards of $1,000 in statutory damages for each negligent violation ($5,000 for each intentional or reckless violation), as well as injunctive relief and attorney’s fees.

In the suit against Google, the plaintiff alleges that the Google Photos service created, collected and stored millions of faceprints from Illinois users who uploaded photos (and, like the plaintiff, the faceprints of non-users whose faceprints were collected merely because their images appeared in users’ uploaded photos). The plaintiff claims that, in violation of BIPA, Google failed to inform “unwitting non-users who had their face templates collected” of the specific purpose and length of term of collection, failed to obtain written consent from individuals prior to collection, or otherwise post publicly available policies identifying their face template retention schedules.  Plaintiff seeks injunctive relief compelling Google to comply with BIPA, and an award of statutory damages.

Since the named plaintiff claims to be a non-user of the Google Photos service, Google may not be able to transfer the matter to California based upon the forum selection clause in its terms of service.  Yet, as with the prior suits against other providers, Google will likely invoke jurisdictional defenses along with multiple arguments about how the Illinois statute is inapplicable to its activities based upon certain statutory exceptions.

We will continue to follow this dispute, along with the other existing biometric privacy-related litigation.  Indeed, this past week, the photo storage service Shutterfly, which is facing a similar suit to Google, is seeking to send the matter to arbitration based upon allegations that the unnamed Shutterfly user who uploaded a photo depicting the plaintiff was actually his fiancée (and current wife).

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jeffrey Neuburger Jeffrey Neuburger

Jeffrey Neuburger is co-head of Proskauer’s Technology, Media & Telecommunications Group, head of the Firm’s Blockchain Group and a member of the Firm’s Privacy & Cybersecurity Group.

Jeff’s practice focuses on technology, media and intellectual property-related transactions, counseling and dispute resolution. That expertise…

Jeffrey Neuburger is co-head of Proskauer’s Technology, Media & Telecommunications Group, head of the Firm’s Blockchain Group and a member of the Firm’s Privacy & Cybersecurity Group.

Jeff’s practice focuses on technology, media and intellectual property-related transactions, counseling and dispute resolution. That expertise, combined with his professional experience at General Electric and academic experience in computer science, makes him a leader in the field.

As one of the architects of the technology law discipline, Jeff continues to lead on a range of business-critical transactions involving the use of emerging technology and distribution methods. For example, Jeff has become one of the foremost private practice lawyers in the country for the implementation of blockchain-based technology solutions, helping clients in a wide variety of industries capture the business opportunities presented by the rapid evolution of blockchain. He is a member of the New York State Bar Association’s Task Force on Emerging Digital Finance and Currency.

Jeff counsels on a variety of e-commerce, social media and advertising matters; represents many organizations in large infrastructure-related projects, such as outsourcing, technology acquisitions, cloud computing initiatives and related services agreements; advises on the implementation of biometric technology; and represents clients on a wide range of data aggregation, privacy and data security matters. In addition, Jeff assists clients on a wide range of issues related to intellectual property and publishing matters in the context of both technology-based applications and traditional media.