Snapchat Settles Class Action BIPA Lawsuit, New Details

September 13, 2022 | 4 minutes read
Snapchat Settles Class Action BIPA Lawsuit, New Details

On August 22, 2022, American multimedia instant messaging app and service Snapchat became the latest company to settle a class action lawsuit regarding violations of the Illinois Biometric Information Privacy Act (BIPA). To this point, “Snapchat’s parent company, Snap, has agreed to a $35 million settlement to resolve a class-action lawsuit alleging it collected and stored users’ unique biometric data without permission.” For reference, the BIPA places a number of restrictions on businesses and organizations that collect the biometric information of citizens that reside within the state of Illinois, such as obtaining consent from a consumer prior to collecting or selling their biometric identifiers, among other things.

To this end, the allegations that were set forth in the lawsuit claim that Snapchat’s filter and lens features violated the provisions of the BIPA, as the mobile application gives users the ability to use the app in accordance with such visual enhancements. However, “Plaintiffs in Boone, et al. v. Snap Inc. allege Snap collected and stored Illinois users’ biometric data but did not advise them about it, thereby violating BIPA.” Subsequently, the numerous visual lens and filters that Snapchat users can take advantage of when utilizing the mobile application are completely legal in virtually every other jurisdiction around the world, as few countries have enacted biometric data protection legislation as of 2022.

Big tech and privacy concerns

Due to the inherent scale and reach of popular social media companies such as Snapchat, the violations of privacy that have been aimed at the company with respect to the BIPA in the state of Illinois were all but inevitable. As mobile applications such as Snapchat can be downloaded in any region of the world that has access to Wifi, maintaining compliance with the hundreds of data protection laws that exist globally is an arduous task for any business or organization. To illustrate this point further, several fast food chains within the U.S., including Red Lobster, Chipotle, and Applebees, in addition to others, were also hit with a BIPA class action lawsuit in August of this year as well. Likewise, this lawsuit claims that these fast food restaurants collected and retained the voice prints of customers within Illinois without first obtaining their consent.

Conversely, Snapchat has responded to the claims that were made in the class action lawsuit against them by releasing a statement that reads “Snap continues to vehemently deny that Lenses violate BIPA, which was designed to require notice and consent before collecting biometric information used to identify people. We deeply value the privacy of our community, and Snapchat Lenses do not collect biometric data that can be used to identify a specific person, or engage in facial identification. For example, Lenses can be used to identify an eye or a nose as being part of a face, but cannot identify an eye or a nose as belonging to any specific person. Moreover, even the limited data that is used to power Lenses is never sent to Snap’s servers – the data never leaves the user’s mobile device.”

The rise in biometric data privacy laws

While the Illinois Biometric Information Privacy Act was the first of its kind as it pertains to data protection legislation within the U.S., the state of Illinois is not alone in its regulation of biometric data. For example, the U.S. state of Texas enacted the Capture or Use of Biometric Identifiers Act (CUBI) in 2009, one year after Illinois passed the BIPA. Conversely, Washington State also passed its own version of a biometric data protection law, Washington’s Revised Code Ann. 19.375.020, in 2017. With all this being said, despite the minute differences between these three laws, they all require businesses and organizations to obtain consent from consumers within these respective states prior to collecting or selling their biometric information.

Furthermore, while the advent of biometric technology has occurred relatively recently, many government agencies around the world have been taking notice of the ways in which biometric information can be used to infringe on the personal privacy of individuals. Similarly, many other U.S. states around the country have also taken steps to pass biometric data protection laws at various points this year, including Maine, Kentucky, Massachusetts, Missouri, and Maryland, among others. For these reasons, businesses and organizations will have to begin reconsidering the ways in which they collect and store the biometric data of their customers, irrespective of where they are located.

In lieu of a comprehensive federal data protection law, legislation such as the Illinois Biometric Information Privacy Act represents the foremost means by which the average American citizen can ensure that their personal information and privacy are being protected at all times. As a wide range of companies that operate in numerous sectors of industry throughout the U.S. have already been hit with class action lawsuits relating to violations of the Illinois BIPA law, the choices that government officials and legislators within the state made in the past are currently paying off in the present. As a result, many other states around the country will be sure to pass similar legislation moving forward.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »