Illinois Supreme Court Rules Against Six Flags in Lawsuit Over Fingerprint Scans, Says Actual Harm Unnecessary For Biometric Case https://t.co/6Ojo5ccANE
— Slashdot (@slashdot) January 25, 2019
BIOMETRIC INFORMATION PRIVACY ACT (BIPA)
Time clock biometric scanners are not scanning finger prints – it scans points on a picture of the finger. #FakeNewsMedia
— RSITechGroup (@RSITechgroup) September 24, 2018
BIOMETRICS CLASS ACTION LAWSUITS
“…Other states have introduced proposed comprehensive legislation that has failed to pass, with Maryland and New York as the latest to consider implementing a comprehensive biometric information privacy law. New York Assembly Bill 27 would require written consent for collecting biometric information and prohibit the sale of that information. Maryland House Bill 218 would impose similar restrictions. Both laws would feature a private right of action, distinguishing them from the Washington and Texas statutes. The California Consumer Privacy Act includes biometric data within the definition of personal data.
— The Data Dividend Project (@ddpforall) August 5, 2020
The law intends to provide consumer rights related to the control of their personal information, which extends to biometric data defined as “physiological, biological or behavioral characteristics, including … DNA[,] that can be used … to establish individual identity,” including “imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.” Cal. Civ. Code § 1798.140(b). New York and Arkansas both have breach response statutes covering biometrics. Specifically, in New York, the 2019 Stop Hacks and Improve Electronic Data Security (SHIELD) Act includes “biometric information” within the definition of “private information.”
The Texas attorney general on Monday filed a privacy lawsuit against the parent company of Facebook, saying the company repeatedly captured and commercialized biometric data for more than a decade without users’ permission. https://t.co/d6uDRsSCVJ
— The New York Times (@nytimes) February 15, 2022
The law requires notification to individuals upon discovery of unauthorized access to their private information. And Arkansas’ breach response law, Arkansas Code §4-110-103(7), now includes “fingerprints; faceprint; a retinal or iris scan; hand geometry; voiceprint analysis; deoxyribonucleic acid (DNA); or any other unique biological characteristics” as biometric data within the definition of covered personal information. Arkansas’ law also requires notice to individuals upon discovery of a breach of personal information. Federal lawmakers have also shown an interest in legislating biometric information. The National Biometric Information Privacy Act of 2020 was introduced in August 2020 and would require covered entities to obtain consent prior to capturing biometrics, and also impose retention, disclosures, and destruction requirements. The proposed federal law, which is currently still under review in the U.S. Senate, would also include a private right of action…”
PRIVACY ROYALTIES vs UBI
“Penalties: BIPA provides that for each violation a prevailing party may recover:
- The greater of $1,000 or actual damages for a negligent violation.
- The greater of $5,000 or actual damages for an intentional violation.
- Reasonable attorney fees + costs, including expert witness fees + litigation expenses.
- Other relief, including a court order, as the state or federal court may deem appropriate.
It’s unclear what “per violation” means, Larson noted. Is it per employee? Or is it per clock-in and clock-out in the case of biometric time-keeping? If the latter is the case, the numbers for damages become astronomical, she said…”
— Reuters Legal (@ReutersLegal) April 26, 2021
“Sandwich shop chain Pret a Manger has agreed to pay more than $677,000 to resolve a class-action claim in Illinois alleging that nearly 800 employees’ fingerprints were collected and stored via its time-keeping system without first providing notice to the employees. The Biometric Information Privacy Act (BIPA), passed in Illinois in 2008, sets forth a number of rules about collecting, retaining and disclosing biometric identifiers and biometric information. The law most commonly comes up in the employment context when employers require workers to clock in and clock out using hand or fingerprint scans, but facial recognition and thermal imaging software and other technologies also may be implicated…”
Louis Vuitton Class Action Claims Retailer Unlawfully Collects Biometric Data Without Consent Using Virtual-Try O… https://t.co/ol7s5sIXwG
— Top Class Actions (@TopClassActions) April 12, 2022
LVMH Eyewear Virtual ‘Try-on’ Tool Draws Biometric Privacy Suit
by Robert Burnson / April 8, 2022
“Luxury giant LVMH’s North America unit was accused in a lawsuit of unlawfully collecting biometric data about shoppers who use its online tool to virtually “try on” sunglasses and frames. The company “collects detailed and sensitive biometric identifiers and information, including complete facial scans, of its users through the Virtual Try-On tool, and it does this without first obtaining their consent, or informing them that this data is being collected,” according to the proposed class-action lawsuit filed Friday in Manhattan. Representatives of Louis Vuitton North America Inc. didn’t immediately respond to requests for comment.
@UtecGroup, the manufacturer of high tech #fingerprint #door #locks, faces a #classaction #lawsuit from a #consumer alleging that the #company violates #Illinois’ #Biometric #Information #Privacy #Act by failing to meet #disclosure requirements. https://t.co/KVxTfTbZ4f pic.twitter.com/8mFJdqz9Q4
— Top Class Actions (@TopClassActions) September 27, 2018
Shoppers looking at sunglasses or frames on LVMH’s website are offered the option of using the Virtual Try-On tool. The tool turns on the customer’s webcams and creates a live video of the person wearing the eyewear they selected. The data collected by the tool is translated into computer code and sent to an outside server, where it is collected and stored, according to the suit. The complaint cites the Illinois Biometric Privacy Protection Act, which prohibits collecting and storing biometric data without consent and carries fines of $1,000 to $5,000 per violation. The case is Theriot v v. Louis Vuitton North America Inc., 22-cv-02944, U.S. District Court, Southern District of New York (Manhattan).”
Sentinel-2 #satellite moisture index overlaid on Google Earth, for a house-by-house assessment of who is watering their lawn (still) despite the #drought #ConejoValley #ThousandOaks pic.twitter.com/e2RW3iJZ1B
— AI6YR (@ai6yrham) June 15, 2022
Facebook’s Push for Facial Recognition Prompts Privacy Alarms
by Natasha Singer / July 9, 2018
“When Facebook rolled out facial recognition tools in the European Union this year, it promoted the technology as a way to help people safeguard their online identities. “Face recognition technology allows us to help protect you from a stranger using your photo to impersonate you,” Facebook told its users in Europe. It was a risky move by the social network. Six years earlier, it had deactivated the technology in Europe after regulators there raised questions about its facial recognition consent system.
Now, Facebook was reintroducing the service as part of an update of its user permission process in Europe. Yet Facebook is taking a huge reputational risk in aggressively pushing the technology at a time when its data-mining practices are under heightened scrutiny in the United States and Europe. Already, more than a dozen privacy and consumer groups, and at least a few officials, argue that the company’s use of facial recognition has violated people’s privacy by not obtaining appropriate user consent. The complaints add to the barrage of criticism facing the Silicon Valley giant over its handling of users’ personal details.
[BIG NEWS] A federal judge has approved a class action settlement where Tiktok will pay $92 million for unlawfully collecting biometric data from its users.
Read the details below (and see thread): https://t.co/8uCt5e5587 pic.twitter.com/fhqIvgQhjj
— The Data Dividend Project (@ddpforall) October 7, 2021
Several American government agencies are currently investigating Facebook’s response to the harvesting of its users’ data by Cambridge Analytica, a political consulting firm. Facebook’s push to spread facial recognition also puts the company at the center of a broader and intensifying debate about how the powerful technology should be handled. The technology can be used to remotely identify people by name without their knowledge or consent. While proponents view it as a high-tech tool to catch criminals, civil liberties experts warn it could enable a mass surveillance system. Facial recognition works by scanning faces of unnamed people in photos or videos and then matching codes of their facial patterns to those in a database of named people. Facebook has said that users are in charge of that process, telling them: “You control face recognition.”
But critics said people cannot actually control the technology — because Facebook scans their faces in photos even when their facial recognition setting is turned off. “Facebook tries to explain their practices in ways that make Facebook look like the good guy, that they are somehow protecting your privacy,” said Jennifer Lynch, a senior staff attorney with the Electronic Frontier Foundation, a digital rights group. “But it doesn’t get at the fact that they are scanning every photo.” Rochelle Nadhiri, a Facebook spokeswoman, said its system analyzes faces in users’ photos to check whether they match with those who have their facial recognition setting turned on. If the system cannot find a match, she said, it does not identify the unknown face and immediately deletes the facial data. At the heart of the issue is Facebook’s approach to user consent. In the European Union, a tough new data protection law called the General Data Protection Regulation now requires companies to obtain explicit and “freely given” consent before collecting sensitive information like facial data. Some critics, including the former government official who originally proposed the new law, contend that Facebook tried to improperly influence user consent by promoting facial recognition as an identity protection tool.
“critics say FB manipulated consent by promoting the service as an identity protection tool”
“Facebook is somehow threatening me that, if I do not buy into face recognition, I will be in danger,” said Viviane Reding, the former justice commissioner of the European Commission who is now a member of the European Parliament. “It goes completely against the European law because it tries to manipulate consent.” European regulators also have concerns about Facebook’s facial recognition practices. In Ireland, where Facebook’s international headquarters are, a spokeswoman for the Data Protection Commission said regulators “have put a number of specific queries to Facebook in respect of this technology.” Regulators were assessing Facebook’s responses, she said. In the United States, Facebook is fighting a lawsuit brought by Illinois residents claiming the company’s face recognition practices violated a state privacy law. Damages in the case, certified as a class action in April, could amount to billions of dollars.
Illinois Snapchat Filters Arbitration Investigation https://t.co/OrDUFcGwqc
— Top Class Actions (@TopClassActions) April 8, 2022
In May, an appeals court granted Facebook’s request to delay the trial and review the class certification order. Nikki Sokol, associate general counsel at Facebook, said in a statement, “This lawsuit is without merit and we will defend ourselves vigorously.” Separately, privacy and consumer groups lodged a complaint with the Federal Trade Commission in April saying Facebook added facial recognition services, like the feature to help identify impersonators, without obtaining prior consent from people before turning it on. The groups argued that Facebook violated a 2011 consent decree that prohibits it from deceptive privacy practices. “Facebook routinely makes misrepresentations to induce consumers to adopt wider and more pervasive uses of facial recognition technology,” the complaint said.
Facebook has agreed to a $550 million settlement of a class-action lawsuit that accuses it of violating the rights of millions of Illinois users by harvesting their biometric data without permission. https://t.co/BBU8Z3DrVJ
— ABC News (@ABC) February 9, 2020
Ms. Nadhiri said Facebook had designed its consent process to comply with the new European law and had previewed its approach with European regulators. As to the privacy groups’ complaint, she said the social network had notified users about expanded facial recognition services. “We provide clear information to people about how we use face recognition technology,” Ms. Nadhiri wrote in an email. The company’s recently updated privacy section, she added, “shows people how the setting works in simple language.” Facebook is hardly the only tech giant to embrace facial recognition technology. Over the last few years, Amazon, Apple, Facebook, Google and Microsoft have filed facial recognition patent applications. In May, civil liberties groups criticized Amazon for marketing facial technology, called Rekognition, to police departments.
NEW THIS MORNING: The lawsuit alleges the company continues to violate the Illinois Biometric Information Privacy Act, which protects residents’ facial and fingerprint identifiers. https://t.co/bYp183Plhu
— Chicago Sun-Times (@Suntimes) May 28, 2020
The company has said the technology has also been used to find lost children at amusement parks and other purposes. (The New York Times has also used Amazon’s technology, including for the recent royal wedding.) Critics said Facebook took an early lead in consumer facial recognition services partly by turning on the technology as the default option for users. In 2010, it introduced a photo-labeling feature called Tag Suggestions that used face-matching software to suggest the names of people in users’ photos. People could turn it off.
But privacy experts said Facebook had neither obtained users’ opt-in consent for the technology nor explicitly informed them that the company could benefit from scanning their photos. “When Tag Suggestions asks you ‘Is this Jill?’ you don’t think you are annotating faces to improve Facebook’s face recognition algorithm,” said Brian Brackeen, the chief executive of Kairos, a facial recognition company. “Even the premise is an unfair use of people’s time and labor.” The huge trove of identified faces, he added, enabled Facebook to quickly develop one of the world’s most powerful commercial facial recognition engines.
Compass Group and 365 Retail Markets agreed to pay $6.8 million to resolve a class action alleging they collected fingerprint data from vending machine users without proper notice and consent in a lawsuit brought under Biometric Information Privacy Act https://t.co/XM8aKxg2Pp pic.twitter.com/B1CsnwcoF2
— Reuters Legal (@ReutersLegal) October 29, 2021
In 2014, Facebook researchers said they had trained face-matching software “on the largest facial dataset to date, an identity labeled dataset of four million facial images.” Ms. Nadhiri said Facebook had consulted with privacy experts on its photo-tagging feature. It also recently notified users in the United States who had the site’s face-identification services turned on that they could turn them off, she said. “We have always respected people’s choices,” she said. But Facebook may only be getting started with its facial recognition services.
Meta has patented multiple technologies that wield users’ biometric data in order to help power what the user sees and ensure their digital avatars are animated realistically, the FT has found https://t.co/ike9Vlf37j
— Financial Times (@FinancialTimes) January 18, 2022
The social network has applied for various patents, many of them still under consideration, which show how it could use the technology to track its online users in the real world. One patent application, published last November, described a system that could detect consumers within stores and match those shoppers’ faces with their social networking profiles. Then it could analyze the characteristics of their friends, and other details, using the information to determine a “trust level” for each shopper. Consumers deemed “trustworthy” could be eligible for special treatment, like automatic access to merchandise in locked display cases, the document said.
USAA Class Action Alleges Insurance Association Unfairly Profited From Pandemic https://t.co/m2uwH2Fumo
— Top Class Actions (@TopClassActions) April 20, 2022
Another Facebook patent filing described how cameras near checkout counters could capture shoppers’ faces, match them with their social networking profiles and then send purchase confirmation messages to their phones. In their F.T.C. complaint, privacy groups — led by the Electronic Privacy Information Center, a nonprofit research institution — said the patent filings showed how Facebook could make money from users’ faces. A previous EPIC complaint about Facebook helped precipitate a consent decree requiring the company to give users more control over their personal details. “Facebook’s patent applications attest to the company’s primary commercial purposes in expanding its biometric data collection and the pervasive uses of facial recognition technology that it envisions for the near future,” the current complaint said.
A class action lawsuit against Facebook, questioning their privacy practices around biometric data (like facial recognition) is moving ahead.
— DuckDuckGo (@DuckDuckGo) March 5, 2018
Ms. Nadhiri said that Facebook often sought patents for technology it never put into effect and that patent filings were not an indication of the company’s plans. But legal filings in the class-action suit hint at the technology’s importance to Facebook’s business. The case was brought by Illinois consumers who said that Facebook collected and stored their facial data without their explicit, prior consent — in violation, they claim, of a state biometric privacy law. If the suit were to move forward, Facebook’s lawyers argued in a recent court document, “the reputational and economic costs to Facebook will be irreparable.”