Facebook to Settle Illinois Biometric Privacy Class Action: A $550 Million Warning to All Companies that Collect Customer Biometric Data

February 2020

On January 29, 2020, Facebook agreed to a $550 million settlement in a class action suit filed under Illinois’ Biometric Information Privacy Act (BIPA). If approved by the California district court, the settlement will compensate Facebook users in Illinois for Facebook’s use of facial recognition technology known as “tagging” without their consent and in violation of BIPA. This significant settlement will likely spur future class action lawsuits related to biometric privacy, which have been steadily rising since the Illinois Supreme Court’s decision in Rosenbach v. Six Flags (discussed here) to hold companies liable for mere statutory non-compliance. Facebook’s settlement further emphasizes that companies need to comply with biometric privacy laws if they collect or store an individual’s biometric information. 

In Patel v. Facebook, the case resulting in the $550 million settlement, Facebook argued that the BIPA violations did not occur “primarily and substantially” in Illinois, since its servers are located in California. However, the court disagreed and suggested that a consumer’s mere use of Facebook in Illinois made BIPA applicable. This extraterritorial holding from Patel, in conjunction with Rosenbach’s holding that statutory non-compliance is sufficient injury to bring suit, highlight that companies who do business with Illinois residents need to review their biometric data collection practices for compliance with Illinois’ law, even if they are not headquartered or located in Illinois.

BIPA governs how entities operating in Illinois collect, process, and use consumers’ biometric data. It requires these businesses to obtain explicit written consent from a consumer before collecting any biometric identifiers. BIPA also requires written notice to individuals when collecting or storing biometric identifiers and mandates disclosure of the specific purpose and duration for which that data are kept. For more information on compliance with BIPA and other biometric privacy laws, see our previous client alert.

If you need assistance complying with biometric information laws or other privacy laws, please contact one of our Cybersecurity & Data Privacy attorneys.

Firm Highlights
News

Lewis Rice Wins $1.5 Million in Compensation for Covington Landowners

More
News

61 Lewis Rice Attorneys Named Best Lawyers for 2022, 16 Named Ones to Watch

More
Client Alert

FTC Reverses Course on Treatment of Debt Payoff Under HSR Act

More
News

Brian P. Pezza Quoted in SHRM Articles on Employee Vaccination Status Disclosure and Employer Vaccination Policies

More
News

Four Lewis Rice Attorneys Named 2022 “Lawyer of the Year” by Best Lawyers

More
News

Lewis Rice Wins Nearly $500,000 in Compensation for Sarasota Landowners

More
News

Neal F. Perryman Named to Missouri’s POWER List in Employment Law by Missouri Lawyers Media

More
News

John C. Bodnar Named BTI M&A Client Service All-Star

More
News

Lewis Rice Recognized as Top M&A Firm by BTI Consulting Group

More
News

David W. Sweeney Represents Advantes Group in $7.2 Million Apartment Project

More
Diversity & Inclusion

Golf Foundation of Missouri Awards First Larry L. Deskins, Sr. Scholarship

More
News

Michael R. Thiessen Recognized as Pro Bono Spotlight by KCMBF for August

More
Client Alert

Property Owners Can Push the Issue Under Illinois Mechanic’s Lien Law

More
Client Alert

OSHA’s New Guidance Regarding Indoor Mask Wearing, COVID-19 Vaccination Mandates, Regular Testing of Unvaccinated Workers, and More

More
Client Alert

FTC Adds Teeth to the ‘Made in USA’ Rule

More
Client Alert

Missouri Now Requires Employers to Provide Leave and Accommodations for Victims of Domestic and Sexual Violence

More
News

Lauren R. Carey Creates New Blog for Social Media Influencers

More
News

Matthew J. Haas Offers Commentary for Inside P&C Article on Business Interruption Insurance and COVID-19

More
News

Michael D. Mulligan Publishes Article in ACTEC Law Journal Comparing Sales to an Intentionally Defective Irrevocable Trust and a to Beneficiary Intentionally Defective Irrevocable Trust

More
Client Alert

Supreme Court Limits Ability to Compel Access to Private Property Without Compensation

More