Facebook Says Illinois Biometrics Law Unconstitutional

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

Nov. 14 — Facebook Inc. says an Illinois biometrics statute that restricts the transfer of facial recognition data to other states violates the U.S. Constitution ( In re Facebook Biometric Info. Privacy Litig. , N.D. Cal., No. 15-cv-03747, answer, 11/11/16 ).

Only few states have biometrics laws—Illinois, Texas and Connecticut—but many consumer-facing companies are attempting to monetize or store and analyze biometric data. If companies use biometric data without a clear understanding on the reach of these laws, they may be subject to numerous and costly consumer class actions.

The social media giant said in its Nov. 11 answer to the plaintiffs’ amended complaint filed in the U.S. District Court for the Northern District of California that the Illinois Biometric Information Privacy Act (BIPA) is unconstitutional as applied because it violates a well-established constitutional protection under the Commerce Clause. This constitutional protection limits a state’s ability to pass legislation that would improperly burden or discriminate against interstate commerce.

Facebook said that not allowing it to use biometric analysis software to scan photographs posted by users from Illinois restricts its use of data used in commerce.

Facebook also raised 22 other affirmative defenses to the consumer claims before the federal court. For example, Facebook said that plaintiffs and putative class “consented to and, in some cases, participated in the uploading and ‘tagging’ of photographs of which they now complain.”

Under BIPA, 740 Ill. Comp. Stat. § 14/15, no private entity may obtain or otherwise collect a person’s “biometric identifier or biometric information” unless it informs the subject in writing that the information is being stored; informs the subject about “the specific purpose and length of term” of use; and receives express written authorization to use that information.

Facebook Seeks to Toss Claims

The case arises out of consumer claims that Facebook used its “Tag Suggestions” feature to conceal its use of proprietary facial recognition software to obtain “unique biometric identifiers” without consent, the June 2 amended class complaint said.

Facebook brought a motion June 29 to dismiss the consumer claims because consumers didn’t allege enough harm to satisfy federal standing to bring a case in court. In the motion to dismiss, Facebook said that consumers didn’t allege harm sufficient to sue in federal court. The company argued that the plaintiff’s claim that the company “misappropriated the value of their biometric identifiers” doesn’t meet the standing requirement because the plaintiff’s didn’t allege “how the value of their biometric identifiers” was diminished.

Facebook’s motion to dismiss is still pending before the court.

A spokesman for the putative class told Bloomberg BNA that they had no comment on the ongoing litigation. Facebook didn't immediately respond to Bloomberg BNA's e-mail request for comments.

Robbins Geller Rudman & Dowd LLP, Edelson PC and Labaton Sucharow LLP represent the named plaintiffs. Mayer Brown LLP represents Facebook.

To contact the reporter on this story: Daniel R. Stoller in Washington at dstoller@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

For More Information

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law Privacy and Data Security