Facebook has agreed to pay $550 million to settle claims in Illinois that the company violated local laws on facial recognition technologies.
The results of the lawsuit were made public on Wednesday and have been described as the "largest cash settlement ever resolving a privacy-related lawsuit."
Launched by law firms Edelson, Robbins Geller, and Labaton Sucharow close to five years ago on behalf of Facebook users in Illinois, the lawyers argued that the social network's "Tag Suggestions" feature violated the Illinois Biometric Information Privacy Act (BIPA).
BIPA attempts to safeguard users from their biometric information being used or sold without their consent. The law requires vendors to develop a written policy indicating how data is collected, the purpose of such collection, and to indicate when the information will be destroyed -- either after its purpose is fulfilled or within three years of a user's last interaction with an organization. BIPA also demands the written consent of individuals for their biometric markers to be collected and stored.
The lawsuit alleged that the way Facebook collected biometric face prints for use in tagging suggestions violated these stipulations, as biometric identifiers were scraped, stored, and used without a release or destruction schedule.
See also: The decline of social media: Facebook and Twitter leave us wanting
Facebook is not the only company that has been scrutinized for its biometric practices under this law. Delaware-based Vimeo, too, has been accused of collecting and storing biometric marks obtained from users without clear, written consent.
Only last week, Clearview AI became central to a new class-action lawsuit that alleges the startup is selling access to biometric face prints to law enforcement without consent. Over three billion images are reportedly held by Clearview AI, scraped from websites including Facebook and YouTube.
Facebook's case was first brought forward by Edelson, and after Robbins Geller and Labaton Sucharow launched similar lawsuits, the complaint was consolidated and moved to the United States District Court in San Francisco. The court case was also heard in the Ninth Circuit Court of Appeals and the United States Supreme Court.
CNET: Huawei ban: Full timeline as Britain gives Huawei approval to build its non-core 5G network
The social networking giant argued that Illinois law shouldn't apply as data was stored outside of the state. Mediation sessions failed time after time, but as it was clear the case was not going away, the parties eventually reached an agreement.
The $550 million settlement will be used for an all-cash fund to compensate users. However, the District Court presiding over the case must first approve the agreement and figure before the fund can be officially launched.
"This case should serve as a clarion call to companies that consumers care deeply about their privacy rights and, if pushed, will fight for those rights all the way to the Supreme Court and back until they are justly compensated," commented Paul Geller, the head of the consumer protection arm of Robbins Geller.
TechRepublic: Data privacy: Top trends to watch in 2020
Facebook has always denied any wrongdoing. A spokesperson told sister site CNET that Facebook elected to settle the dispute as "it was in the best interest of our community and our shareholders to move past this matter."
This week, Facebook published strong Q4 2019 financial results, with revenue of $21.082 billion and $2.56 earnings per share, beating analyst expectations of $2.53 on revenue of $20.89 billion.
Facebook's worst privacy scandals and data disasters
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0