It had to happen eventually: Facebook’s “faceprints” database activities are now the target of a lawsuit.
The suit, which has been filed in the state of Illinois, alleges that Facebook’s use of its automatic photo-tagging capability to identify people in images is a violation of Illinois’ state law regarding biometric data.
Facebook has been compiling faceprint data since 2010, and while people may choose to opt out of having their images identified in such a way, not surprisingly, that option is buried deep within the Facebook “settings” area where most people won’t notice it.
Moreover, the “default” setting is for Facebook to apply the automatic photo-tagging feature to all users.
Carlo Licata, the lead individual in the class-action complaint filed in Illinois, contends that Facebook’s practices are in direct conflict with the Illinois Biometric Information Privacy Act. That legislation, enacted in 2008, requires companies to obtain written authorization from persons before collecting any sort of “face geometry” or related biometric data.
The Illinois law goes further by requiring the companies gathering biometric data to notify people about the practice, as well as to publish a schedule for destroying the information.
Here’s how the lawsuit states its contention:
“Facebook doesn’t disclose its wholesale biometrics data collection practices in its privacy policies, nor does it even ask users to acknowledge them. With millions of users in the dark about the true nature of this technology, Facebook [has] secretly amassed the world’s largest privately held database of consumer biometrics data.”
The response from Facebook has been swift – and predictable. It contends the lawsuit is without merit.
As much as I’m all for of individual privacy, I suspect that Facebook may be correct in this particular case.
For one thing, the Illinois law doesn’t reference social networks at all. Instead, it focuses on the use of biometrics in business and security screening activities — citing examples like finger-scan technologies.
As Eric Goldman, a professor of law at Santa Clara University notes, the Illinois law is “a niche statute, enacted to solve a particular problem. Seven years later, it’s being applied to a very different set of circumstances.”
And there’s this, too: The Illinois law deals with people who don’t know they’re giving data to a company. In the case of Facebook, it’s commonly understood user data is submitted with consent.
That may not be a particularly appealing notion … but it’s the price of gaining access to the fabulous networking functionality that Facebook offers its users – all at no expense to them.
And of course, millions of people have made that bargain.
That being said, there’s one nagging doubt that I’m sure more than a few people have about the situation: The folks at Facebook now aren’t the same people who will be there in the future. The use of faceprint information collected on people may seem quite benign today, but what about tomorrow?
The fact is, ultimately we don’t have control over what becomes the “tower of power” or who resides there. And that’s a sobering thought, indeed.
What’s your own perspective? Please share your thoughts with other readers here.