Weeks after a federal judge rejected Shutterfly’s request to dismiss the case, a Chicago man has formally asked the court to certify a class of perhaps thousands of other plaintiffs in his legal action alleging the popular online photo sharing site violated privacy rights under Illinois law when it created a system allowing photos to be stored and searched using facial recognition technology.
On Jan. 15, plaintiff Brian Norberg, of Chicago, through his attorneys Katrina Carroll and Kyle Shamberg, of the firm of Lite DePalma Greenberg, of Chicago, and David Milian and Frank Hedin, of Carey Rodriguez O’Keefe Milian Gonya, of Miami, Fla., filed a motion to certify the class in legal complaint he had first filed in Chicago federal court in June 2015.
In that complaint, Norberg had alleged Redwood City, Calif.-based Shutterfly and its Palo Alto, Calif.-based subsidiary, ThisLife, had broken the Illinois Biometric Information Privacy Act by “tagging” photos uploaded to Shutterfly’s various platforms using a proprietary facial recognition system. Norberg’s complaint asserted the system relies upon various “biometric identifiers” to perform the task of identifying the faces of people included in the uploaded photos.
According to the complaint, Shutterfly’s system works by encouraging users to “tag” people included in the photo – essentially telling Shutterfly who is who in the photo. Once a name has been attached to a face, the complaint alleged the system can then identify that face in subsequent photo uploads and the photo is stored with the associated “tag” in Shutterfly’s storage system, with or without the consent of the person tagged.
The complaint alleged the “biometric identifiers” lifted from the images of those tagged can then be “used by (Shutterfly and ThisLife) … also to recognize their gender, age, race and location.”
Because Shutterfly did not secure the permission of those tagged to identify them in the photos and store their biometric information, the system ran afoul of the Illinois law, the complaint alleged.
Norberg said his likeness was first stored without his consent in February 2015 when a Shutterfly user created a wedding invitation including his image on Shutterfly. About five months later, more photos including Norberg’s likeness were uploaded to ThisLife and Shutterfly’s program allegedly automatically recognized Norberg’s face from the template it had created, prompting the person who uploaded the photos to tag Norberg and allowing Shutterfly to attach Norberg’s name to his facial template without his expressed consent.
On Dec. 29, U.S District Judge Charles R. Norgle tossed Shutterfly’s motion to dismiss Norberg’s complaint.
Shutterfly had attempted to argue the Illinois BIPA law “exclused biometric identifiers,” potentially including “face geometry, derived from photographs.”
Norgle, however, said courts have yet to determine the answer to that question or virtually any others related to the Illinois BIPA, as the law was enacted in 2008 and the judge said his search of legal precedent involving the law and the issue at the heart of Norberg’s lawsuit proved “fruitless.” Likewise, he said Shutterfly included no references to precedent that could help him in this case.
“Here, plaintiff alleges that defendants are using his personal face pattern to recognize and identify plaintiff in photographs posted to websites,” Norgle wrote. “Plaintiff avers that he is not nor has he ever been a user of websites, and that he was not presented with a written biometrics policy nor has he consented to have his biometric identifiers used by defendants.”
As the Illinois BIPA “prohibits private entities from collecting biometric information from individuals absent express consent … following a written disclosure,” Norgle said Norberg’s allegations are sufficient to move his claim beyond Shutterfly’s dismissal attempt.
However, Norberg and his counsel team believe the case should also be expanded to include potentially thousands of others who, like Norberg, may allege their privacy rights were similarly violated. The putative class would include all Illinois residents who are not registered Shutterfly users and whose “biometric identifiers, including ‘face templates’ (or ‘face prints’)” were collected and stored by Shutterfly and ThisLife.
The complaint called for damages in the amount of $5,000 “for each and every intentional and reckless violation” by Shutterfly of the Illinois BIPA or $1,000 for each “negligent” violation, as well as injunctions stopping Shutterfly from continuing with its alleged photo tagging and storage practices.
Shutterfly is represented in the case by attorneys with the firm of ZwillGen PLLC, with offices in Chicago and Washington, D.C.