This article in the National Law Review indicates that the Illinois district court refused to dismiss a class action against Google alleging that the Google Photos service violated the Illinois Biometric Information Privacy Act (BIPA):
“We’ve closely followed the numerous biometric privacy disputes and legislative developments surrounding the Illinois Biometric Information Privacy Act (BIPA), which precludes the unauthorized collection and storing of some types of biometric data. In the latest ruling, an Illinois district court refused to dismiss a putative class action alleging that the cloud-based Google Photos service violated BIPA by automatically uploading plaintiffs’ mobile photos and allegedly scanning them to create unique face templates (or “faceprints”) for subsequent photo-tagging without consent. (Rivera v. Google, Inc., No. 16-02714 (N.D. Ill. Feb. 27, 2017)).
This is the third instance where a district court refused, at an early stage of a litigation, to dismiss BIPA claims relating to the online collection of facial templates for photo-tagging purposes. Unlike those prior courts’ relatively cursory interpretations, however, the Rivera court’s expansive 30-page opinion is the deepest dive yet into the statutory scheme (and purported vagaries) of the Illinois statute. The decision is the latest must-read for mobile or online services that collect and store biometric data from users as to what extent their activities might fall under the Illinois biometric privacy statute. It may well turn out that the plaintiffs’ claims in Rivera (as well as the ongoing biometric privacy litigation going on in California) may prove unsuccessful on procedural or statutory grounds, yet, these initial takes on the scope of BIPA stress the importance of examining current practices and rollouts of new services that feature biometrics.”
This law and the resulting class action is a timely warning for new biometric authentication services that will soon be coming to market. It is critical that the consumer agrees to the service and has total control over the biometric – as is core to the FIDO Alliance principles. Inappropriate implementations have negatively impacted other industries, including prepaid and overdraft services, which drove consumer dissatisfaction which resulted in highly restrictive regulations, although the 900+ page prepaid regulation remains in flux.
Overview by Tim Sloane, VP, Payments Innovation Advisory Service at Mercator Advisory Group
Read the full story here