Earlier this month, a federal court gave the go-ahead to a lawsuit alleging that Facebook’s photo-scanning, facial-recognition feature violated Illinois state law. Having lost that legal battle, it looks like Facebook may be trying to get out of the lawsuit by simply changing that Illinois law.
The law in question is the Biometric Information Privacy Act, which sets restrictions on the collection and storage of biometric data.
At issue is whether Facebook’s Tag Suggestions feature — which scans users’ photos and then tries to match that data to previously tagged users — should be considered as biometric data under this law.
The BIPA does currently state that “photographs” do not count as biometric identifiers, but does that mean a physical photograph or any image of a human? Is there a difference between a photo that is archived without any sort of analysis or data gleaned from it, versus a photo that is scanned, analyzed, and compared to millions of other similarly uploaded images? The BIPA does not say, and that is a dispute that would likely make for lively debate at hearings or in a trial.
However, yesterday, some members of the Illinois General Assembly introduced a rider — piggy-backed on a bill about unclaimed property — that amends the BIPA in such a way as to effectively win Facebook’s case before it gets to court.
First, the amendment revises the term “photographs” to make it clear that it means both “physical and digital photographs” are exempted from the definition of “biometric identifiers.”
The rider then goes on to clarify that you can’t create a biometric identifier from these photographs, meaning all data collected from scans of Facebook photos is exempted from the law.
Perhaps most importantly, the rider adds an entirely new definition to the law. If passed, a “Scan” would only refer to “data resulting from an in-person process whereby a part of the body is traversed by a detector or an electronic beam.”
Thus, Facebook would not be “scanning” users’ photos under the law, because it would be taking information from a digital version of a photo.
The Illinois legislative session is drawing to a close in the coming days, so this rider will likely come up for consideration soon.
Facebook has not yet replied to Consumerist’s request for comment on this story, but we will update if we hear anything back.
The social media site had previously tried to get the Illinois case dismissed by arguing that all the plaintiffs had, by okaying the Facebook terms of use, agreed that California law governs any disputes with the company. California does not have a law similar to BIPA.
While the court found that the plaintiffs had indeed agreed to the Facebook terms of use, it ultimately determined that Facebook could not use this clause to negate the Illinois state law.
“There can be no reasonable doubt that the Illinois Biometric Information Privacy Act embodies a fundamental policy of the state of Illinois,” explained the court, noting “if California law is applied, the Illinois policy of protecting its citizens’ privacy interests in their biometric data, especially in the context of dealing with ‘major national corporations’ like Facebook, would be written out of existence.”
by Chris Morran via Consumerist