An Illinois man recently filed a proposed federal class action alleging that Facebook violates state law protecting the privacy of biometric data through its alleged collection of facial recognition data from over a billion faces on uploaded photos.

As many Facebook users are aware, the social networking service automatically matches persons in uploaded photos.  According to the lawsuit, this is done by scanning geometric data from faces after users “tag” (provide the name) a person in a photo not known to Facebook.

The named plaintiff in the suit, Frederick Gullen, is not a Facebook user and alleges that he never consented to Facebook allegedly acquiring his facial features taken from a photograph uploaded by another person. He seeks to represent a class of Illinois residents who are non-Facebook users but have been tagged in photos on Facebook.

The Illinois Biometric Information Privacy Act regulates capturing, using and transferring facial scans and other data “as biometric identifiers.” The state statute also covers “biometric information,” which it defines “as any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual…”

Illinois law prohibits companies that collect biometric data from selling it to third parties. During a 2012 U.S. Senate hearing, Facebook refused to commit that such information would not be sold.

Facebook has stated publicly that it considers the suit to be meritless and that it intends to defend itself vigorously.  While Facebook has yet to formally respond to the Complaint, one of the arguments it will likely make is that the statute at issue excludes information derived from photographs.

The case is Gullen v. Facebook Inc., case number 1:15-cv-07681 in the U.S. District Court for the Northern District of Illinois.