A recent decision out of the federal District Court Northern District of California is big news for both Facebook and, curiously, Facebook users in the state of Illinois. A class of Illinois Facebook users was just certified.
The class action case revolves around Facebook’s use of facial recognition software and the Illinois Biometric Information Protection Act (BIPA) which requires companies to get consent before obtaining and storing a person’s biometric data. Facebook started using facial recognition in 2011 to help users “tag” friends in photographs. Notably, BIPA was passed in 2008.
Court Limited Class
The court did limit the class to only “Facebook users located in Illinois for whom Facebook created and stored a face template after June 7, 2011.” In the plaintiffs’ motion for certification, it proposed a class of all Illinois residents who appeared on Facebook in a photo. Naturally, the court found that class to be too unwieldy, particularly given the alternative proposal of just those Illinois residents who had their actual biometric data stored.
The court acknowledged that simply appearing in a photo is not synonymous with having a face signature or template taken and stored. As the decision notes, per Facebook’s own uncontested statistics and admissions, the facial recognition fails to find a face about 24% of the time, additionally, the program does not run on every photo. These facts seemed to create insurmountable problems for defining the class as being comprised of any Illinois resident that appeared in a photo on Facebook.
Is There Actual Harm?
The order certifying the class also rejects Facebook’s argument that the plaintiffs cannot succeed because BIPA requires showing actual harm. The court distinguished a recent decision of the appellate court in Illinois interpreting BIPA to require actual harm. In regards to Facebook’s reliance on that decision, it explained that the facts of that case are “a far cry from the situation here, where plaintiffs plausibly argue that simply using Facebook or reading Facebook’s user policy did not put them on notice that Facebook was collecting their biometric data.”