Facebook Urges Dismissal of Photo-Tagging Class Suit

By Michael J. Bologna

Nov. 24 — Facebook Inc. is seeking dismissal of a putative class action alleging that the social media giant's use of biometric identification technology violates a one-of-a-kind Illinois privacy statute known as the Illinois Biometric Information Privacy Act (BIPA) (Gullen v. Facebook Inc., N.D. Ill., 1:15-cv-07681, motion to dismiss 11/20/15).

In its motion to dismiss, filed Nov. 20 in the U.S. District Court for the Northern District of Illinois, Facebook argued that photographs are not “biometric identifiers” or “biometric information” within the meaning of BIPA.

“The statute expressly defines those terms to exclude both ‘photographs' and any ‘information derived from' photographs,” Facebook wrote in its brief. “Because plaintiff's claim rests entirely on information derived from photographs, his complaint should be dismissed with prejudice.”

Facebook also contended that dismissal is appropriate because the company is not subject to general jurisdiction in Illinois.

Plaintiff Frederick Gullen alleged in his complaint that Facebook used a biometric identifier that extracted data about his face from a photo and saved a template containing that data in its database, but failed to make disclosures and obtain releases as required under BIPA.

First of Its Kind

The litigation is likely the first of its kind, in which a social media company's use of biometric identification technology is being challenged under a state privacy statute.

Only Illinois and Texas have privacy statutes addressing biometric data, and the Illinois law is unique because it authorizes a private right of action and statutory damages. Enforcement actions under the Texas biometric data law are reserved for the attorney general.

The lawsuit against Facebook is one of two BIPA suits filed in Chicago by the same group of attorneys. Similar allegations were made in June against Shutterfly Inc. (Norberg v. Shutterfly Inc., N.D. Ill., 1:15-cv-05351, filed 6/17/15). The plaintiffs in both actions are represented by Carey, Rodriguez, O'Keefe, Milian, Gonya LLP in Miami, Fla. and Lite, DePalma, Greenberg LLC in Chicago.

Federal Attention to Facial Recognition Privacy

The largest players in the technology industry are aware of the significant privacy questions emerging as biometric recognition technologies become more prevalent in consumers' daily lives.

Carl Szabo, policy counsel for the tech industry trade association NetChoice, said industry is working with the Obama Administration and other constituencies on a series of best practices with respect to biometric and facial recognition technologies. The effort is being directed by the Department of Commerce's National Telecommunications and Information Administration.

Szabo told Bloomberg BNA Nov. 24 the group would release a series of recommendations early in 2016.

“We are working on draft best practices that are built on three pillars: transparency, control over sharing, and data security,” Szabo said.

Consent Lacking

Gullen, who is not a Facebook user, alleged that an acquaintance uploaded a picture of him to the social media site. Facebook automatically scanned and analyzed Gullen's face, extracted his biometric identifiers and used the data to create a template of his face. Gullen alleges Facebook, in violation of BIPA, did not seek or receive his consent for this activity.

The lawsuit seeks to represent a putative class consisting of all “non-Facebook users who, while residing in the State of Illinois, had their biometric identifiers, including ‘face templates’ (or ‘face prints’), collected, captured, received, or otherwise obtained by Facebook.” The suit demands statutory damages of up to $5,000 per violation.

Facebook: BIPA Doesn't Reach Social Sites

Facebook argued that the plaintiffs' claim is barred by the plain language of BIPA. Facebook noted that photographs and information derived from photographs do not fall under the definition of biometric identifier under the statute. Facebook added that the Illinois General Assembly intended to exclude such data because the law was designed to regulate the use of biometric identifiers as they pertained to financial transactions and security screenings.

“BIPA's express legislative findings and history confirm that these broad exclusions were deliberate: the General Assembly sought to regulate the use of biometric technology to facilitate financial and other secure transactions, and wanted to make clear that other types and uses of technology were not prohibited,” Facebook said in its motion for dismissal.

Facebook is being represented by Lauren R. Goldman in the New York office of Mayer Brown LLP, and Vincent Connelly and Matthew D. Provance of the Chicago office of Mayer Brown.

To contact the reporter on this story: Michael J. Bologna in Chicago at mbologna@bna.com

To contact the editor responsible for this story: Thomas O'Toole at totoole@bna.com

For More Information