In an opinion article dated August 8, 2019, the Ninth Circuit Court affirmed the district court’s order certifying a class action of users who claim Facebook’s facial-recognition technology violates Illinois’s Biometric Information Privacy Act (BIPA). A copy of the Ninth Circuit’s opinion can be found here.
At issue is Facebook’s use of facial-recognition technology without first obtaining the consent of its users. The court agreed that the plaintiffs had sufficiently alleged a concrete and particularized harm sufficient to confer Article III standing. The court reached its conclusion by applying the two-step approach established in Spokeo, Inc. v. Robins: “(1) whether the statutory provisions at issue were established to protect [the plaintiff’s] concrete interests (as opposed to purely procedural rights), and if so, (2) whether the specific procedural violations alleged in this case actually harm, or present a material risk of harm to, such interests.”
After providing a detailed analysis and discussing the Telephone Consumer Protection Act, the Fair Credit Reporting Act, common law privacy rights, constitutionally protected zones of privacy, and the intent behind BIPA, the court concluded that because BIPA protected plaintiffs’ privacy interests, violations of BIPA’s requirements “actually harmed or posed a material risk of harm to those privacy interests.”
In affirming the district court’s order, the court further held that the district court did not abuse its discretion in certifying the class or determining that a class action was superior to individual actions.
This case also illuminates the number of law firms that have submitted amicus briefs on behalf of notable privacy and civil rights organizations. Clearly, the issue of how and why data is being collected and used has become an issue at the forefront of the privacy debate.