Tech Titans Fight Back against Biometrics Suits
In a pair of legal battles that could have a ripple effect into the payments and retail sectors, Facebook and Google have invoked a recent Supreme Court decision and the U.S. Constitution to defend against claims that the companies’ facial recognition systems violate a key state biometric privacy law. Passed in 2008, the Illinois Biometric Information Privacy Act requires a person’s explicit consent before a company can perform a facial scan. The act is one of the few laws governing biometrics in the U.S., where such technology remains largely unregulated. Earlier this year, Facebook and Google each was hit with a class action lawsuit over the firms’ photo-tagging systems, which the plaintiffs claimed violate the law by creating and storing “faceprints” without a user’s direct consent.
After a federal judge denied Facebook’s initial motion to dismiss the suit in May, the social network filed a second motion to dismiss, this time based on a recent Supreme Court decision in which the high court found there must be a “concrete” injury before a consumer can sue over a privacy law. In its most recent motion, Facebook claimed any harm alleged to be suffered by facial scanning is “far too abstract and speculative” to be considered concrete. Meanwhile, Google is attempting to get the Illinois law declared unconstitutional under the commerce clause of the Constitution, which bans states from interfering with interstate commerce.
The cases are considered by many observers to be an early bellwether for U.S. biometrics law, and could help establish precedent for how companies can store and use biometrics data. With retail and payments among the industries looking to leverage biometrics, the decisions could have a major effect on how payments providers and merchants use the technology.