A federal judge in San Francisco won’t completely close out a class action based on allegations Facebook violated an Illinois privacy law when it allowed photographs to be uploaded without the consent of people pictured who didn’t have accounts with the social media giant.
U.S. District Judge James Donato issued the opinion March 31 in a case he wrote substantially “overlaps with the facts and law” of a case that ended in early 2021 with a $650 million settlement for Illinois residents with Facebook accounts based on allegations the platform’s photo-tagging system violated the Illinois Biometric Information Privacy Act.
Donato, who also presided over that litigation, said the complaint from named plaintiff Clayton Zellmer is distinct because its class would include Illinoisans who never had a Facebook account or used services of the company now known as Meta. But as in the settled class action, the heart of Zellmer’s claims is a Facebook algorithm that relies on facial recognition technology.
David Milian
| Carey Rodriguez
“Since Zellmer filed the complaint in this case, Facebook has abandoned the tagging functionality pursuant to the settlement agreement,” Donato wrote.
Allegations common to both complaints are that Facebook didn’t obtain written authorization from those being tagged before it scanned their images and created a template assigned to their name, and further that Facebook didn’t provide notice to users before conducting the tag suggestion facial scans.
Facebook requested summary judgment on Zellmer’s complaint, which Donato granted as relates to BIPA’s notification and consent requirements.
“The reason is straightforward,” Donato wrote. “It would be patently unreasonable to construe BIPA to mean that Facebook was required to provide notice to, and obtain consent from, non-users who were for all practical purposes total strangers to Facebook, and with whom Facebook had no relationship whatsoever.”
He further said filings from Facebook and Zellmer “devoted substantial effort” to questions over whether facial scans are biometric “identifiers” or “information” under BIPA, and whether the company “collects” or “possesses” those scans. But even reading things in Zellmer’s favor, Donato explained, his allegations read BIPA’s protections too broadly.
“The Illinois Legislature clearly contemplated that BIPA would apply in situations where a business had at least some measure of knowing contact with and awareness of the people subject to biometric data collection,” Donato wrote. “The legislative findings emphasize that BIPA is intended to apply to interactions between businesses and their customers.”
Taking Zellmer’s position, Donato continued, would essentially mean Meta would have to “identify every non-user in Illinois on a regular basis, and figure out a way to communicate with them to provide notice and obtain consent.” He rejected Zellmer’s ideas for how this could be accomplished, such as “deputizing” users to affirm non-users consented to having their faces scanned in uploaded pictures or to apply facial scanning only when Facebook users had written permission from everyone in a picture.
“This too is not consonant with the plain language of BIPA, and immediately raises an insurmountable practical problem for the myriad of photos taken in restaurants, vacation destinations, school graduations and countless other settings where unknown people will appear in a picture,” Donato wrote. “There is no realistic way for the person posting the photo to obtain consent from every stranger whose face happened to be caught on camera. It may be, as Zellmer suggests, that Amazon and Shutterfly have such policies, but that does not mean those policies satisfy BIPA, or are otherwise legally sound. Simply pointing to other policies also does not provide an answer to the problems the court has identified.”
However, Donato refused summary judgment on Zellmer’s allegation Facebook lacked a written, publicly available data retention policy. He said Zellmer contests Facebook’s evidence concerning such a policy and its past actions, such as claims it deleted facial signatures if it determined there wasn’t a match to an existing template, and determined such “quintessential disputes of material facts” must be resolved at trial.
Donato set a status conference for May 26, at which time both sides should expect to discuss if the lack of a public policy meeting BIPA requirements would be a single violation warranting one pool of liquidated or actual damages or if another remedy would be appropriate.
Zellmer has been represented in the case by attorneys David P. Milian, John C. Carey and Jennifer M. Hernandez, of the firm of Carey Rodriguez Milian, of Miami; and Albert Y. Chang, of Bottini & Bottini, of LaJolla, California.
Facebook has been represented by attorneys Lauren R. Goldman, Michael Rayfield and Matthew D. Provance, of the firm of Mayer Brown, with offices in Chicago and New York; and Michael G. Rhodes and Whitty Somvichian, of Cooley LLP, of San Francisco.