Suit: Facebook's Tag Suggestions Tool Violates Illinois Biometric Privacy Law

April 2 — Facebook Inc. is violating the Illinois Biometric Information Privacy Act through its Tag Suggestions feature that identifies a user's friends in uploaded photos, according to a proposed class action complaint filed April 1 in Illinois state court.

Plaintiff Carlo Licata said that Tag Suggestions, which launched in 2010, uses facial recognition software to “extract unique biometric identifiers” associated with users. He said Facebook “secretly amassed the world's largest privately held database of consumer biometrics data,” and the company hid its use of facial recognition software “on remote sections of its website.”

Facebook's autotagging feature attracted scrutiny from European Union privacy regulators, and the social networking giant agreed to discontinue the practice within the EU in 2012.

“This lawsuit is without merit and we will defend ourselves vigorously,” a Facebook spokeswoman told Bloomberg BNA April 3.

Notification and Consent 

According to the complaint, Facebook is required under the Biometric Information Privacy Act, 740 Ill. Comp. Stat. 14/1, to inform users in writing that their biometric data are being collected and obtain consent from users for the collection of biometric data. The act also requires Facebook to share with users why it is collecting the data, how long it will keep the data, its retention schedule and guidelines for permanently destroying the data, the complaint said.

The lawsuit seeks an order declaring that Facebook violates the act and injunctive relief requiring the company to abide by the law's requirements. The proposed class seeks statutory damages of $5,000 for Facebook's intentional and reckless violation of the statute, or in the alternative, statutory damages of $1,000 for negligent violation of the Illinois law.

The proposed class is comprised of all Facebook users who had their “faceprints” collected while residing in Illinois.

Edelson PC represented the proposed class.