Both Facebook and Google state that collecting facial biometrics data isn’t against the law, even without the user’s consent. If judges side with Facebook and Google, the companies may be able to throw out any lawsuits filed under an Illinois law that charges a $1,000 to $5,000 penalty fee each time an individual’s image is used without consent. However, a loss would force these companies to restrict the use of biometrics in the U.S. as it has previously done in Europe and Canada.
Facebook encourages users to “tag” people in images they post and stores the collected data. It then uses DeepFace software to match other images of an individual with 97.35 percent accuracy. Meanwhile, Alphabet Inc.’s cloud-based Google Photos service uses similar technology.
Privacy advocates and legal experts are also concerned that the billions of images Facebook is supposedly collecting could be stolen by criminals for the purpose of identity theft. And while an individual’s private information — such as their credit card number or Social Insurance number — can ultimately be changed, biometric data for face geometry, fingerprints, hands, retinas and blood samples, are unique identifiers that remain constant.
“Biometric identifiers are a key way to link together information about people,” such as discrete financial, medical and educational records, said Marc Rotenberg, the president of the Electronic Privacy Information Center. “[Facebook has] cleverly got its users to improve the accuracy of its own database.”