Facebook Facing Facial Recognition Lawsuits

September 25, 2015

When you upload pictures on Facebook, you may have noticed that Facebook would ask if you would like to tag “Ashley” or “Derek.” Facebook uses facial recognition software that in a few states might be illegal.
Although there is no federal law that specifically regulates facial recognition technology, there are certain states like Illinois and Texas that do. The Illinois’s Biometric Information act makes it unlawful to:  “collect, capture, purchase, receive through trade, or otherwise obtain a person’s or a customer’s biometric identifiers or biometric information, unless it first: (1) informs the subject… in writing that a biometric identifier or biometric information is being collected or stored; (2) informs the subject… in writing of the specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used; and (3) receives a written release executed by the subject of the biometric identifier or biometric information.”
Last April, Carlo Licata brought a class action suit against Facebook for using the facial recognition technology in violation of the above statute. Licata argues that Facebook’s tag feature extracts unique biometric identifiers from user’s pictures that are then stored in a database without informing or obtaining consent from the users. He further argues that Facebook does not even mention the use of this technology in its privacy policy.
The records have shown a complaint has been filed but the case is yet to be tried in court. Facebook says that this case is without merit.
The Federal Trade Commission (FTC) hosted a workshop on December 8, 2011– “Face Facts: A Forum on Facial Recognition Technology” (“Face Facts workshop”) – to explore developments in rapidly evolving field of Facial Recognition technology. FTC staff has synthesized those discussions and comments in order to develop recommended best practices for protecting consumer privacy in this area, while promoting innovation. In the report, the FTC discusses the exact scenario of Facebook’s facial tagging feature. A summary of the recommendations outlined in this report for this scenario are as follows:

  • The social network should ensure data security, both for the images themselves as well as the biometric data derived from the images by making sure all the data is encrypted.
  • The social network should establish and maintain appropriate retention and disposal practices
  • The social network should be transparent with consumers about its data practices regarding the facial recognition feature
  • When the company first begins using this technology, it should provide users with a clear notice, outside a privacy policy, about how the feature works, what data it collects, and how that data will be used because this use is not currently within the context of consumers’ relationship with the social network.
  • Companies should also provide consumers with an easy to find, meaningful choice not to have their biometric data collected and used for facial recognition.
  • Consumers should be able to turn off the feature at any time and delete any biometric data previously collected from their tagged photos.

The serious implications that the FTC is concerned appear to be what happens if there is a breach of data. There is an enormous threat to consumer privacy if this data were to ever be stolen. People are concerned of a world where any random person can take a picture of you on the street and instantaneously know who you are. As Licata’s attorney said,

If you get your credit card or bank account stolen, you can change it. Your face is your face, it can’t be changed. Once it’s out there, it’s out there.

However, the talks and worries did not stop in 2012. Last June, nine civil liberties and consumer advocate groups announced that they were withdrawing from talks with trade associations over how to write guidelines for the fair commercial use of face recognition technology for consumers.  The talks were a part of an initiative by the National Telecommunications & Information Administration, a division of the Commerce Department, but the privacy advocates said that they could not achieve what their perspective was as the minimum rights for consumers.
Frederick William Gullen, Adam Penzen, and Nimesh Patel have brought similar suits this year.  Facebook is not alone in the use of this technology as several other companies are using it as well. There is also a case brought against Shutterfly for its photo-book service. The decision of these cases may have interesting implications on consumer privacy and on countless social media companies that have been using this technology without the user’s consent or knowledge.