Facebook has agreed to pay $550m (£419m) to settle a lawsuit over accusations it had broken Illinois state laws concerning the use of biometric data it obtained via facial recognition technology.
The amount is among the largest payouts for a data privacy breach in US history, while demonstrating the stark consequences of crossing Illinois’s robust data privacy laws.
The New York Times first reported the settlement, noting that the sum “dwarfed” the $380m penalty imposed on Equifax over a considerably larger data breach back in 2017.
The use of biometric identifiers is heavily regulated in the state of Illinois, which prohibits the collection, storage and use of biometric data without consent of the individuals concerned. Illinois law also requires businesses to store identifiers securely and to delete them in a timely manner.
Illinois Facebook users argued that a feature called Tag Suggest broke the law by automatically processing and storing facial recognition imagery for every user in the United States, without their permission. The feature compares uploaded photos to those of the user’s friends, in order to suggest who should be tagged in any given image.
The Illinois law allows individuals to sue for up to $5,000 per violation, which, in a state of more than 12 million people, can rapidly add up for technology companies that process information at scale.
Facebook’s decision to settle, the company’s chief financial officer told investors, was just part of the increase in the company’s rising cost base. A spokesperson said: “We decided to pursue a settlement as it was in the best interest of our community and our shareholders to move past this matter.”
Reportedly, this is not the first time Tag Suggest, launched by Facebook in 2011, has landed the company in hot water. The feature caused uproar in the EU where it was disabled following a report from the Irish data protection commissioner in 2012. It was also removed from Canada around the same time. However, neither of the removals resulted in financial penalties for the social media giant, despite the fact that the feature was live for users for several months without their consent.
Source: The Guardian, New York Times