We have been following biometric cases in Illinois, including the case against Shutterfly [view related posts]. Late last week, an Illinois federal judge denied Shutterfly’s motion to dismiss the case against Shutterfly alleging that it violates the Illinois Biometric Information Privacy Act when collecting and storing face geometry scans through facial recognition software.

In allowing the case to proceed, the Judge rejected Shutterfly’s argument that photographs are not included in the statutory definition of a biometric identifier, as that term applies to retina or iris scans, fingerprints, voiceprints, or scans of hand or face geometry, and that the statute excludes information from writing samples, signatures, photographs and tattoos.

The Judge found that if the statute is read so narrowly, it would only include an in-person scan of an individual’s face, which she found to be “problematic,” and if the legislature had wanted to narrow the definition to in person scans, it would have done so. She also noted that such a narrow interpretation would not allow the law to adapt to new technology.

Significantly, the Judge found that the plaintiff did not need to show actual damages in order to have standing to make a claim against Shutterfly. She noted that the plaintiff had “credibly alleges an invasion of his privacy” since he had not voluntarily provided his biometric information to Shutterfly. We will continue to watch the developments in this case.

We previously reported that Shutterfly’s effort to dismiss the proposed biometrics class action case against it was unsuccessful [view related post]

The proposed class action suit alleged that Shutterfly violated the Illinois Biometric Information Privacy Act because Shutterfly measured the contours of the named plaintiff’s face to create a template that it used to suggest that other photos of him be tagged with his name, also known as a “faceprint.” The Judge was unwilling to dismiss the case at its earliest stage.

Last week, the case was settled and both parties moved to dismiss the case. The details of the settlement have not been released.

Facebook still battles a similar case in Illinois for collecting facial data through its facial recognition program. It states it will “vigorously defend” the suit. Facebook has been offering its tagging program since it acquired Face.com in 2012.  Facebook reportedly holds the largest amount of biometric face-recognition data in the world.

We previously reported that Shutterfly Inc. was unsuccessful in persuading an Illinois federal judge to dismiss the biometrics case against it (view related posts, here and here).

Last week, Shutterfly moved for reconsideration of the denial, basing the request in part on Facebook’s success in convincing another Illinois judge to dismiss a similar case against it alleging violation of the Illinois Biometric Information Privacy Act (view related post).

Shutterfly requested that if the Judge does not grant its request for reconsideration, that the Judge certify the case so it can take an interlocutory appeal before the case is finally decided.

We will continue to watch biometric cases closely as they wind their way through the court system.

Friday was a busy day in Illinois with arguments over the Illinois Biometric Information Privacy Act. We previously reported that the first known biometric case has been given the green light to proceed. The case alleges that Shutterfly violated the Illinois Biometric Information Privacy Act (insert previous post here) by using facial geometry from photographs that could identify individuals. Last Friday, the plaintiff moved to certify the class of thousands of Illinoisans who used Shutterfly.

The allegations in the suit include that Shutterfly stores and uses the facial geometry of individuals in photographs, including nonusers, that can be used to identify the individuals.

Shutterfly notes that the Illinois Biometric Information Privacy Act applies to faces, not photographs. The Judge disagreed, and declared that he interpreted the law to include facial geometry. The plaintiff then moved for class certification.

In another courtroom in Illinois, Facebook argued that the court did not have jurisdiction over a suit against it by an Illinois man alleging that its photo-tagging feature “Tag Suggestions” violates the Illinois Biometric Information Privacy Act. The plaintiff, who does not use Facebook, alleges that someone else uploaded a picture of him and tagged him on Facebook, and Facebook used his facial features in the photo to determine his age, gender, race and location, violating the Illinois Biometric Information Privacy Act.

Facebook argued that there is no evidence that Facebook deliberately targeted Illinois residents to market the product, which is offered and used worldwide, nor that the person who uploaded this particular picture of the plaintiff lives in Illinois or uploaded the photo in Illinois. Facebook previously pointed out that information derived from photos is specifically excluded by the law.

We will watch these cases closely and keep you up to date on developments.

In what is being described as the first case in the U.S. regarding a state biometric privacy statute, a proposed class was successful in thwarting a motion to dismiss by Shutterfly last week over its alleged practice of collecting and storing face geometry from photos without individuals’ authorization. The plaintiff alleges that Shutterfly is using his face pattern to identify him in photographs posted on various websites, and that such violates the Illinois Biometric Information Privacy Act.

The Judge found that the plaintiff had “plausibly stated a claim under” the Illinois Biometric Information Privacy Act.

Three states to date have biometric information privacy statutes—Illinois, New Hampshire and Texas. As we have seen with other privacy issues, no doubt additional states will implement similar statutes in the future.

Facebook is facing a similar proposed class action case in federal court in Chicago over its use of biometric identification technology. We will be watching that case closely, as well as any other developments in this area.

Vimeo, Inc. was sued last week in a class action case alleging that it violated the Illinois Biometric Information Privacy Act by “collecting, storing and using Plaintiff’s and other similarly situated individuals’ biometric identifiers and biometric information…without informed written consent.”

According to the Complaint, Vimeo “has created, collected and stored, in conjunction with its cloud-based Magisto service, thousands of “face templates” (or “face prints”)—highly detailed geometric maps of the face—from thousands of Magisto users.” The suit alleges that Vimeo creates these templates using facial recognition technology and “[E]ach face template that Vimeo extracts is unique to a particular individual, in the same way that a fingerprint or voiceprint uniquely identifies one and only one person.” The plaintiffs are trying to liken an image captured by facial recognition technology to a fingerprint by calling it a “faceprint.” Very creative in the wake of mixed reactions to the use of facial recognition technology in the Facebook and Shutterfly cases.

The suit alleges “users of Magisto upload millions of videos and/or photos per day, making videos and photographs a vital part of the Magisto experience….Users can download and connect any mobile device to Magistoto upload and access videos and photos to produce and edit their own videos….Unbeknownst to the average consumer, and in direct violation of…BIPA, Plaintiff…believes that Magisto’s facial recognition technology scans each and every video and photo uploaded to Magisto for faces, extracts geometric data relating to the unique points and contours (i.e., biometric identifiers) of each face, and then uses that data to create and store a template of each face—all without ever informing anyone of this practice.”

The suit further alleges that when a user uploads a photo, the Magisto service creates a template for each face depicted in the photo, and compares that face with others in its face database to see if there is a match. According to the Complaint, the templates are also able to recognize gender, age and location and are able to collect biometric information from non-users. All of this is done without consent of the individuals, and in alleged violation of BIPA.

Although we previously have seen some facial recognition cases alleging violation of BIPA, and there are numerous cases alleging violation of BIPA for collection of fingerprints in the employment setting, this case is a little different from those, and it will be interesting to watch.

On May 26, 2016, Illinois Senator Terry Link filed a proposed amendment to the Illinois Biometric Information Privacy Act that would presumably ease the rules relating to the collection and use of biometric data. What irked some is that he reportedly tacked it onto a bill that deals with unclaimed property. The next day, Senator Link announced that the amendment was put on hold, but did not disclose any reasons why the amendment stalled.

Privacy advocates have stated that the amendment was not given appropriate public debate, and they are concerned that it would relax existing legal protections for biometric data, including exempting facial recognition software from the law.

As we have reported, both Shutterfly and Facebook faced class action litigation in Illinois for alleged violations of the Biometric Information Privacy Act for using facial recognition technology to identify and tag individuals. Shutterfly settled its case, and Facebook was successful in transferring its case to California, where it is still pending. Snapchat was the most recent technology company that uses facial recognition technology to become a defendant in a class action suit in Illinois in the past few weeks.

Senator Link’s proposed amendment merely adds the words “physical or digital” to the word “photograph” to make it clear that photographs are not included in the law. This hardly appears to change the intent of the law. The amendment further includes a definition of “scan” which clarifies that a scan included in the law is “an in-person process whereby a part of the body is traversed by a detector or an electronic beam.” These changes would in effect confirm that the scanning of a digital photograph of a person’s face is not covered by the law. Some would argue that these changes are merely clarifications to the definitions in the existing law and are consistent with the intent of the law. They are clearly in response to the class action cases against Facebook and Shutterfly, which alleged that facial recognition technology was being used to analyze photographs without individuals’ consent.

The activity in Illinois around biometrics will no doubt shape legislation and litigation in the other states that already have, or are contemplating biometrics information privacy protection laws and we will be watching it closely.

We have been following and reporting on the Facebook and Shutterfly biometrics cases in Illinois and California.

Google was recently sued by a potential class in Illinois alleging that it violated the Illinois Biometric Information Privacy Act by collecting the “faceprints” of individuals without their consent through its Google Photos service, even when they don’t have a Google Photos account.

The complaint alleges that when someone uploads a photo into the service, Google analyzes the photographs by locating and scanning the person’s face and extracts geometric data on the contours of the face and creates a template of the face.

We expect that Google will file a Motion to Dismiss and we will keep you updated on this third biometrics case filed in Illinois.

We previously reported about a proposed class action suit against Facebook for the alleged violations of the Illinois Biometric Information Privacy Act. Facebook moved to dismiss the case for lack of personal jurisdiction.

On January 22, 2016, the Judge agreed with Facebook and dismissed the case stating that the plaintiff failed to allege that Facebook knew Illinois residents would upload photos to Facebook and tag individuals in the photos.

Further, the Judge stated that Facebook only operates an interactive website that is available to those who participate and doesn’t target residents of a particular state or aim its conduct at the state.

This is a significant precedential holding relating to the Illinois biometrics statute, but Facebook faces a similar proposed class action case in California. Similarly, Shutterfly was unsuccessful in having the biometrics case against it in Illinois dismissed. We will continue to watch these cases closely.