Facebook to Settle Illinois Biometric Privacy Class Action: A $550 Million Warning to All Companies that Collect Customer Biometric Data

February 2020

On January 29, 2020, Facebook agreed to a $550 million settlement in a class action suit filed under Illinois’ Biometric Information Privacy Act (BIPA). If approved by the California district court, the settlement will compensate Facebook users in Illinois for Facebook’s use of facial recognition technology known as “tagging” without their consent and in violation of BIPA. This significant settlement will likely spur future class action lawsuits related to biometric privacy, which have been steadily rising since the Illinois Supreme Court’s decision in Rosenbach v. Six Flags (discussed here) to hold companies liable for mere statutory non-compliance. Facebook’s settlement further emphasizes that companies need to comply with biometric privacy laws if they collect or store an individual’s biometric information. 

In Patel v. Facebook, the case resulting in the $550 million settlement, Facebook argued that the BIPA violations did not occur “primarily and substantially” in Illinois, since its servers are located in California. However, the court disagreed and suggested that a consumer’s mere use of Facebook in Illinois made BIPA applicable. This extraterritorial holding from Patel, in conjunction with Rosenbach’s holding that statutory non-compliance is sufficient injury to bring suit, highlight that companies who do business with Illinois residents need to review their biometric data collection practices for compliance with Illinois’ law, even if they are not headquartered or located in Illinois.

BIPA governs how entities operating in Illinois collect, process, and use consumers’ biometric data. It requires these businesses to obtain explicit written consent from a consumer before collecting any biometric identifiers. BIPA also requires written notice to individuals when collecting or storing biometric identifiers and mandates disclosure of the specific purpose and duration for which that data are kept. For more information on compliance with BIPA and other biometric privacy laws, see our previous client alert.

If you need assistance complying with biometric information laws or other privacy laws, please contact one of our Cybersecurity & Data Privacy attorneys.

Firm Highlights
Client Alert

COVID-19 Rescue Plan Act Expands Paid Leave Availability but Does Not Revive Employer Mandates

More
Diversity & Inclusion

Law Firm ILN-telligence Podcast Hosts Ronald A. Norwood to Discuss Mentorship, Diversity & Inclusion in the Legal Industry, and the Importance of Equity for All

More
Client Alert

CROWN Act Legislation on the Verge of Passage in St. Louis City & County

More
News

Meghan S. Largent and Lindsay S. C. Brinton Negotiate $700,000 Award to Cobb County, Georgia Landowners in Rails-to-Trails Case

More
News

Lindsay S. C. Brinton and Meghan S. Largent Negotiate $1.4 Million Settlement for Landowners along Legacy Trail

More
Diversity & Inclusion

Lewis Rice Member Ronald A. Norwood Serves on Missouri Bar’s Special Committee on Lawyers of Color to Establish Diversity, Inclusion Programs

More
Client Alert

Virginia Passes Sweeping Data Privacy Legislation Similar to CCPA and GDPR

More
Client Alert

New York State Regulator Discourages Ransomware Payments and Publishes New Cyber Insurance Risk Framework

More
News

Brian P. Pezza Gives Advice on Vaccination Acceptance in the Workforce in Society for Human Resource Management Article

More
News

Kansas City Office of Lewis Rice Names New Member

More
Client Alert

Model COBRA Notices Under the American Rescue Plan Act

More
News

Jeremy P. Brummond’s Article on Waivers of Consequential Damages is Published in Construction Executive

More
Diversity & Inclusion

Two Lewis Rice Members Selected for Leadership Council on Legal Diversity Programs

More
Diversity & Inclusion

Fatima G. Khan Elected President of South Asian Bar Association of Metropolitan St. Louis

More
Client Alert

Temporary COBRA Changes Under the American Rescue Plan Act

More
Client Alert

Public Access to Electronic Court Records in Missouri

More
Client Alert

Supreme Court Hands Down Unanimous Decision Limiting FTC’s Ability to Seek Monetary Relief

More
News

Jerina D. Phillips Offers COVID-19 Vaccination Advice for Employers in St. Louis Magazine Article

More
Client Alert

Federal Appellate Court Determines a Website Is Not a “Place of Public Accommodation” Under the ADA

More
Client Alert

Have You Done Your Annual CCPA Housekeeping?

More