In 2007, Illinois passed the Biometric Information Privacy Act. Biometrics, as you may already know, pertain to unique physical characteristics, such as fingerprints, iris scans, DNA and face geometry, that help identify an individual. Facial recognition technologies have made the collection of biometrics simpler, speedier, and easily accessible.
As a result, various companies can now use biometric identifiers to access one’s finances or other sensitive information. In the case of identity theft, you can change your social security number. Biometrics, on the other hand, are biologically unique to the individual; thus, once it is compromised, the affected person remains at a heightened risk for identity theft. Moreover, companies’ unauthorized use of people’s biometrics can potentially threaten basic aspects of our privacy and civil rights law. This concern spawned the following Act.
Illinois Biometric Information Privacy Act
Per the Illinois Biometric Information Privacy Act (“BIPA”) 2007 Ill. SB 2400, private companies may not obtain and/or possess a person’s biometrics unless the company:
- Informs that individual, in writing, that biometric identifiers or information will be collected or stored;
- Informs that individual, in writing, of the particular purpose and length of term for which such biometric identifiers or biometric information is being collected, stored and used;
- Receives a written release from the individual for the collection of his or her biometric identifiers or information; and
- Publicly publishes available written retention schedules as well as guidelines for permanently destroying biometric identifiers and biometric information.
Tech Giants Violate Biometric Information Privacy Act
Unfortunately, tech companies like Google are in violation of each of the above requirements. Google has created, gathered and stored, in connection with its “Google Photos” cloud-based software, millions of “face templates.” These face-templates are highly detailed geometric maps of the face, gathered from millions of Illinois residents. Thousands of these residents are not even enrolled in the Google Photos service. Google created these templates by using sophisticated facial recognition technology that extracts and analyzes data from photos taken on Google Droid devices and uploaded to the cloud-based Google Photos.
Violating BIPA, Google failed to properly inform individuals, in writing, that their biometric identifiers were being collected or stored on Google Photos. Nor did Google inform the affected individuals, in writing, of the particular purpose and length of term for which their biometric identifiers were being “collected, stored and used” as required by the above statute.
But it’s not only Google. Shutterfly is also in blatant violation of BIPA. Shutterfly, like Google, acted illegally in its collecting, storing and utilizing its users biometric information without first obtaining their informed written consent. Specifically, Shutterfly created, collected and stored millions of “face templates” from millions of individuals, many thousands of whom are non Shutterfly users living in Illinois.
Facebook, too, is in violation of BIPA. A recent lawsuit was filed in effort to stop Facebook’s collection, use, and storage of users’ and the Class’s sensitive biometric data. In short, Facebook launched a program in 2010 called Tag Suggestions. Said feature operates by scanning uploaded user photographs and then identifying faces that appear in those photographs. If Tag Suggestions recognizes and identifies one of the faces appearing in the photograph, Facebook will suggest that individual’s name or automatically tag them.
In violation of BIPA, Facebook conceals that Tag Suggestions uses proprietary facial recognition software to extract unique biometric identifiers to identify people’s faces. Facebook does not disclose its biometrics data collection to its users, nor does it even ask users to acknowledge, let alone consent to, these practices. Through these practices, Facebook not only disregards its users’ privacy rights; it also violates the BIPA.
Dinizulu Law Group, Ltd. is a practice of experienced civil rights lawyers and we support the protections guaranteed by BIPA. No company, no matter how big or small, has the right to bypass this statute. We hope similar laws will be enacted across other states to protect residents nationwide. Our civil rights law firm works to advance action for such consumer protection issues. Our civil rights attorneys have been recognized both locally and nationally for championing social and civil rights causes.