“Illinois’s BIPA legislation requires company’s to obtain explicit, informed consent from individuals before using their biometrics – something Facebook did not attempt to do with respect to its photo tagging system.”
Only a quarter of the 6 million Illinoisans eligible for Facebook’s settlement of its Biometric Information Privacy Act violation claimed their payout, further illustrating the low downside of the social media giant’s malfeasance with respect to the punitive aims of the state’s biometric privacy law.
The lawsuit concerned Facebook’s use of facial recognition in automatically ‘tagging’ individuals whose images were uploaded to Facebook’s platform. Illinois’s BIPA legislation requires company’s to obtain explicit, informed consent from individuals before using their biometrics – something Facebook did not attempt to do with respect to its photo tagging system.
BIPA entails a fine of $1,000 per infraction, which would have amounted to a pretty considerable sum if it had been applied literally to Facebook’s case. But Facebook’s lawyers negotiated a settlement of $550 million. That was subsequently rejected by U.S. District Court Judge James Donato on the grounds that it was too low to properly recompense claimants, prompting Facebook to come back with an offer of a $650 million settlement that was ultimately accepted.
That will cash out to about $300 each for the 1.57 million people who claimed the settlement, after administrative and attorney costs are factored in, according to a Bloomberg report.
The estimate of claimants is based on court filings after last week’s deadline; and while 25 percent might seem low, it’s considerably higher than the average of less than 10 percent of eligible claimants who actually file their claims in other class action suits.
Still, from one perspective, the payout shows just how small a bite BIPA has been able to take out of Facebook, which posted a net income of $7.8 billion for its most recent fiscal quarter. BIPA is widely considered to be the most comprehensive biometric privacy legislation in the country, yet its enforcement in its most high-profile case yet is unlikely to have a meaningful financial impact on its subject.
From another perspective, though, the case shows that Facebook, despite the considerable resources at its disposal, was not able to fend off a BIPA lawsuit, and ultimately had to pay out a sum that would be considerable for a smaller company. That might send a signal to other businesses collecting biometric data in Illinois, and beyond.
November 30, 2020 – by Alex Perala