March 28, 2017
Biometrics, Privacy, and Facebook: Who is Tagging Who?
Beth is a twenty-five-year old who lives and works in New York City. She, like many of her peers, keeps in touch with her old friends and classmates via Facebook, one of the most well-known online social media and social networking services. After her birthday party, Beth logs on to Facebook to post pictures to memorialize the grand event. She uploads three photos of herself and a collection of her friends, and is prompted by Facebook to “tag” her friends, linking their profile to the pictures. When Beth goes to tag her friends in the photo, she finds that Facebook has already done it for her- Facebook gives her a suggestion for each face it identifies in the photo and asks “Is this (friend’s name)?” To Beth- and many other Facebook users- this technology might seem innovative and keen.
However, this feature– called ‘Tag Suggestions’ — is just one of the many instances of biometric technology being used, with or without our knowledge of its presence, in our daily lives.
While Facebook’s use of biometrics seems to serve the primary purpose of taking the leg-work out of tagging friends in photos, biometrics are used for much more than that. Biometrics first rapidly made their way into the mainstream as a means to help prevent identity theft and fraud. There are two main categories of biological measurements: physiological characteristics, which includes the shape or composition of the human body (such as fingerprints, DNA, facial measurements, vein patterns, retina or ear features); and behavioral characteristics, related to the pattern of the behavior of a person (such as typing rhythm, gait, gestures, and even voice). The industry has now rocketed into the mainstream, with the biometrics market expected to be worth $32.7 billion by 2022. With new technology comes new legal problems, and some states have already attempted to combat rising concerns with biometrics through legislation. The most pertinent example is the Illinois Biometric Information Privacy Act (commonly known as BIPA), which was passed in 2008 in an effort to control how companies collect and use biometric identifiers. The law bans companies from collecting and storing a person’s unique biometric data without first obtaining permission and notifying the user. Under BIPA, a prevailing plaintiff can recover actual or liquidated damages, as well as attorney’s fees and costs—providing some insight into the potential motivations behind a landmark upcoming biometrics privacy case: In re Facebook Information Privacy Litigation.
As gleamed from in re Facebook, there are two contradictory debates circling the technology of biometrics as a method for gathering and storing personal facial information: first, the position that data is being collected without first obtaining an individual’s consent, thereby violating their rights to privacy; and second, the argument that BIPA unconstitutional prohibits interstate commerce by prohibiting businesses such as Facebook from using data it collects in states such as Illinois. Facebook takes the latter position: the social media giant said in its November 2016 answer to the plaintiffs’ amended class complaint filed in the U.S. District Court for the Northern District of California that the Illinois BIPA is unconstitutional as applied because it violates a well-established constitutional protection under the Commerce Clause… This constitutional protection limits a state’s ability to pass legislation that would improperly burden or discriminate against interstate commerce. Facebook said that not allowing it to use biometric analysis software to scan photographs posted by users from Illinois restricts its use of data used in commerce.
Both Facebook and the plaintiffs of this case seem to have prima facie persuading arguments- so who is correct? With regards to the potential for dissemination of personal information collected through biometric technology, consumers certainly have justification for concern. However, businesses also have a compelling interest in keeping up with new and updated technologies, in order to remain competitive and profitable. With the rise of biometrics not indicating any sign of halting, it will be interesting to see how the complexities of traditional privacy law and modern technology interact.