Almost seven in 10 U.S. adults use Facebook, according to the Pew Research Center. That means most of the people reading this article likely use Facebook. Consequently, a fraction of those have likely been asked if they want to tag their friends in a photo, as Facebook recognizes their face through advanced facial recognition software.
This feature, launched in 2010, is called Tag Suggestions. If a user enables it, Facebook can use facial recognition technology to assess whether the user’s friends are in the photo. The tech utilizes various geometric points from the face to develop a “facial signature” and compare that to users in its database for a suggestion of whom to tag.
At first glance, it seems harmless; in fact, many people would argue for its convenience. Facial recognition software makes a Facebook user’s social media activity effortless – a quality that continues to become increasingly popular for consumers. But with that convenience also comes negative repercussions for consumers’ privacy.
In 2015, three Facebook users living in Illinois filed a class action lawsuit against Facebook, alleging that Facebook’s facial recognition software violated an Illinois law known as the Biometric Information Privacy Act (BIPA). BIPA forbids private entities from collecting and capturing any biometric information unless it informs the subject of the collection, obtains written consent, and has a retention and destruction of collected biometric data schedule in place.
In June 2016, Facebook moved to dismiss the case on the grounds that the plaintiffs had not alleged any concrete injury, but this motion was denied by the district court.
“Plaintiffs’ complaint alleges that Facebook subjected them to facial-recognition technology without complying with an Illinois statute intended to safeguard their privacy,” states 9th Circuit Court of Appeals Judge Sandra Ikuta’s opinion. “Because a violation of the Illinois statute injures an individual’s concrete right to privacy, we reject Facebook’s claim that the plaintiffs have failed to allege a concrete injury-in-fact for purposes of Article III standing. Additionally, we conclude that the district court did not abuse its discretion in certifying the class.”
On September 5th, Facebook urged the Ninth Circuit for a rehearing en banc — that is, heard before all judges in a court rather than a panel — arguing that the three-judge panel “throws open the door to class claims threatening draconian liability.”
If Facebook is found to have violated BIPA, it will face legal ramifications for the storage of any face template collected after June 7th, 2011.
“If Facebook violated BIPA for all seven million users, the damage is $1,000 per violation if Facebook was negligent,” said Fennemore Craig attorney Marc Lamber. “It’s upward of $5,000 per violation if it was reckless or intentional. And it’s per violation; theoretically, with respect to a user who has uploaded many photos and you have tagging going on with respect to all those photos, there could be many violations per user.”
This lawsuit with Facebook represents just the tip of the iceberg for facial recognition software and its potential privacy violations. Yet, the acceptance of facial recognition software extends far past its convenience on social media. A survey conducted by the Center for Data Innovation last December found that only 18 percent of those polled agreed to strict limitations on facial recognition technology if it jeopardizes public safety.
“It’s somewhat of a siren that we need to be aware that it’s kind of creepy. You have companies now that have our most private information – our face, our voice. And how we have to be mindful – each of us – in what ways can that be mishandled or misused…” Lamber said. “We just need to be more vigilant and be aware that while technology can be a shiny object, we have to be careful and we all need to dive more deeply into this and understand it.”
This presents an opportunity for parents and youth to start conversations about technology and its potential damaging effects, Lamber explains. Users can enable and disable facial recognition on Facebook, for example, but it’s up to the consumer to exercise that due diligence.
Technology, as the plaintiffs in the aforementioned case are seeing, is moving faster than the legal system in many cases. When one technological safety concern is solved, another arises just as quickly.
“There’s clearly more activity in this area than ever, and I think there’s a recognition from users, from consumers, and from lawmakers, and from people of all walks of government that this is a technology we need to watch,” Lamber said. “We need to understand it better, and there’s sure to be a lot more regulation and a lot more disclosure.”
Facebook announced early this month that it plans to discontinue their photo-tagging suggestion setting, but the problem extends past the social media network. Further, a study by research firm MarketsandMarkets found that the facial recognition market size will grow from $3.2 billion in 2019 to $7 billion by 2024.
Although the class action lawsuit against Facebook is far from over, Lamber believes that regardless of any potential ruling, this will be a recurring public discussion point for years to come.