A law passed eight years ago in Illinois is causing legal problems for some of the largest social media companies in the U.S.
In May, two men filed a lawsuit against Snapchat under a state law passed in 2008 that requires a company to obtain written consent before using a person’s biometric information. The case, which was originally filed in Los Angeles County court, has been moved to U.S. District Court for the Central District of California last week.
The class-action suit alleges that Snapchat has been illegally collecting, storing, and using biometric information, including face geometry and iris scans, of its users without obtaining permission, which violates the Illinois Biometric Information Privacy Act.
Snapchat, through a company spokesperson, dismisses the lawsuit: “Contrary to the claims of this frivolous lawsuit, we are very careful not to collect, store or obtain any biometric information or identifiers about our community,” Snapchat says via email.
The plaintiffs, Jose Luis Martinez and Malcolm Neal, are suing Snapchat for allegedly “collecting, storing and using Plaintiffs’ and other similarly situated Illinois users’ biometric identifiers’ and information without informed written consent in violation of the Biometric Information Privacy Act (BIPA),” the lawsuit states.
The suit says that Snapchat collects biometric information when users take selfies with the Lenses feature, which allows users to augment their photos by adding animated features like a dog’s floppy ears, bee’s eyes, or a stream of rainbow vomit.
Snapchat, on its website, explains that the Lenses feature does not use facial recognition:
Some of the magic behind Lenses is object recognition. Object recognition is an algorithm designed to understand the general nature of things that appear in an image. It lets us know that a nose is a nose or an eye is an eye. But object recognition isn’t the same as facial recognition. While Lenses can recognize faces in general, they can’t recognize a specific face.
The Illinois Biometric Information Privacy Act, was passed in the state in 2008, in an effort to control how companies collect and use biometric identifiers. The law bans companies from collecting and storing a person’s unique biometric data without first obtaining permission and notifying the user.
The plaintiffs are seeking damages in the form of $5,000 for each intentional violation of BIPA, or $1,000 if the court decides Snapchat was negligent. The Chicago Tribune says the plaintiffs are seeing over $5 million.
Facebook has been sued over its facial recognition technology under the same Illinois law. Texas and Illinois are the only two states in the U.S. that regulate how companies use and store biometric data.