Snapchat Settles Class Action BIPA Lawsuit, New Details
On August 22, 2022, American multimedia instant messaging app and service Snapchat became the latest company to settle a class action lawsuit regarding violations of the Illinois Biometric Information Privacy Act (BIPA). To this point, “Snapchat’s parent company, Snap, has agreed to a $35 million settlement to resolve a class-action lawsuit alleging it collected and stored users’ unique biometric data without permission.” For reference, the BIPA places a number of restrictions on businesses and organizations that collect the biometric information of citizens that reside within the state of Illinois, such as obtaining consent from a consumer prior to collecting or selling their biometric identifiers, among other things.
To this end, the allegations that were set forth in the lawsuit claim that Snapchat’s filter and lens features violated the provisions of the BIPA, as the mobile application gives users the ability to use the app in accordance with such visual enhancements. However, “Plaintiffs in Boone, et al. v. Snap Inc. allege Snap collected and stored Illinois users’ biometric data but did not advise them about it, thereby violating BIPA.” Subsequently, the numerous visual lens and filters that Snapchat users can take advantage of when utilizing the mobile application are completely legal in virtually every other jurisdiction around the world, as few countries have enacted biometric data protection legislation as of 2022.
Big tech and privacy concerns
Due to the inherent scale and reach of popular social media companies such as Snapchat, the violations of privacy that have been aimed at the company with respect to the BIPA in the state of Illinois were all but inevitable. As mobile applications such as Snapchat can be downloaded in any region of the world that has access to Wifi, maintaining compliance with the hundreds of data protection laws that exist globally is an arduous task for any business or organization. To illustrate this point further, several fast food chains within the U.S., including Red Lobster, Chipotle, and Applebees, in addition to others, were also hit with a BIPA class action lawsuit in August of this year as well. Likewise, this lawsuit claims that these fast food restaurants collected and retained the voice prints of customers within Illinois without first obtaining their consent.
Conversely, Snapchat has responded to the claims that were made in the class action lawsuit against them by releasing a statement that reads “Snap continues to vehemently deny that Lenses violate BIPA, which was designed to require notice and consent before collecting biometric information used to identify people. We deeply value the privacy of our community, and Snapchat Lenses do not collect biometric data that can be used to identify a specific person, or engage in facial identification. For example, Lenses can be used to identify an eye or a nose as being part of a face, but cannot identify an eye or a nose as belonging to any specific person. Moreover, even the limited data that is used to power Lenses is never sent to Snap’s servers – the data never leaves the user’s mobile device.”
The rise in biometric data privacy laws
While the Illinois Biometric Information Privacy Act was the first of its kind as it pertains to data protection legislation within the U.S., the state of Illinois is not alone in its regulation of biometric data. For example, the U.S. state of Texas enacted the Capture or Use of Biometric Identifiers Act (CUBI) in 2009, one year after Illinois passed the BIPA. Conversely, Washington State also passed its own version of a biometric data protection law, Washington’s Revised Code Ann. 19.375.020, in 2017. With all this being said, despite the minute differences between these three laws, they all require businesses and organizations to obtain consent from consumers within these respective states prior to collecting or selling their biometric information.
Furthermore, while the advent of biometric technology has occurred relatively recently, many government agencies around the world have been taking notice of the ways in which biometric information can be used to infringe on the personal privacy of individuals. Similarly, many other U.S. states around the country have also taken steps to pass biometric data protection laws at various points this year, including Maine, Kentucky, Massachusetts, Missouri, and Maryland, among others. For these reasons, businesses and organizations will have to begin reconsidering the ways in which they collect and store the biometric data of their customers, irrespective of where they are located.
In lieu of a comprehensive federal data protection law, legislation such as the Illinois Biometric Information Privacy Act represents the foremost means by which the average American citizen can ensure that their personal information and privacy are being protected at all times. As a wide range of companies that operate in numerous sectors of industry throughout the U.S. have already been hit with class action lawsuits relating to violations of the Illinois BIPA law, the choices that government officials and legislators within the state made in the past are currently paying off in the present. As a result, many other states around the country will be sure to pass similar legislation moving forward.