Snapchat Is the Latest App to Get Hit By Illinois' Biometric Privacy Act
Kristin Snyder is dot.LA's 2022/23 Editorial Fellow. She previously interned with Tiger Oak Media and led the arts section for UCLA's Daily Bruin.
Illinois Snapchat users who added dog ears or flame sunglasses to their selfies could benefit from a $35 million settlement.
According to the class action lawsuit against Santa Monica-based Snap, the company’s filters and lenses violated Illinois’ Biometric Information Privacy Act (BIPA), which was passed to protect people from private companies identifying and tracking them through facial recognition technology. Illinois residents who have used Snapchat’s filters since November 17, 2015 could receive a payout of anywhere between $58 and $117 once the claim is finalized in November.
A Snap spokesperson told dot.LA in a statement that the lenses can identify individual body parts, such as a nose or an arm, without recognizing them as part of an individual user. Additionally, the data used in the lenses are not stored in Snap’s servers.
“Snap continues to vehemently deny that Lenses violate BIPA, which was designed to require notice and consent before collecting biometric information used to identify people,” the spokesperson said. “We deeply value the privacy of our community, and Snapchat Lenses do not collect biometric data that can be used to identify a specific person, or engage in facial identification.”
Snap is just the latest tech company to take a hit from BIPA. TikTok’s $92 million settlement was finalized on Tuesday, with the class-action lawsuit claiming the Culver City-based company collected user attributes and sold them to third-party companies. Google was involved in a $100 million settlement for not informing users that Google Photos was collecting information about people’s facial geometry. Last year, a judge ordered Meta to pay $650 million in a class action lawsuit settlement claiming Facebook’s photo tagging tracked peoples’ facial features without their consent.
According to Thomas Germain, a Consumer Reports writer specializing in privacy issues, BIPA is one of the strongest privacy laws in the country. It grants people the power to sue companies on their own. Germain said other major privacy laws typically require a regulator, such as an attorney general, to enact legal repercussions.
BIPA should act as a model for future privacy laws, Germain said. Similar legislation has popped up throughout the country, with states like Texas, Washington, New York and Arkansas either passing biometric statutes or incorporating biometric data into existing laws. But Germain said the key component that makes BIPA so effective is the private right to action, which has yet to be replicated.
“We're seeing companies being hit with these huge fines,” he said. “I think it's an example of how [private right to action] is the single most important thing that makes or breaks the privacy law.”
This could change if California passes SB 1189, which was introduced in the California Legislature earlier this year. Like BIPA, the law seeks to further regulate biometric privacy by requiring users to opt-in to biometric data collection. If passed, it could potentially lead to lawsuits like the ones in Illinois, as it would allow individuals to sue companies. California State Senator Bob Wieckowski, who authored the bill, told dot.LA in a statement that the bill is meant to protect people’s highly distinctive traits by requiring users to consent to sharing such data.
“The global biometrics market is rapidly developing and we must put guardrails in place, not to hamper technological innovation, but to ensure a free society where people have a right to control how their human data is used and the means to defend themselves when that power is taken away,” Wieckowski said.
California’s previous attempt to allow people to sue social media companies was changed so only government attorneys could do so. Germain said tech companies often lobby against laws that include private right to action. When they succeed, he said it “takes a lot of the teeth out of them.” The agencies tasked with enforcing these laws often lack resources and funding, which makes going after big tech companies difficult. When everyday people can seek legal action, it tends to get results, he said.
Some companies are making location-specific changes based on biometric privacy laws. Meta turned off AR filters that use facial recognition in Texas and Illinois. At the time, Meta said it would eventually allow users in those states to opt-in to access those features. Snap has gone in a different direction, stating in a July letter to shareholders that it plans on making a profit from its AR features. (Disclosure: Snap is an investor in dot.LA)
Social media companies are unlikely to abandon filters that use biometric information, Germain said. They tend to be useful features users want, like fun images or automatic photo grouping. But as users rely on companies to tell them what is happening with their information, he said the need to protect that data is facing growing scrutiny.
“I think the overall effect that this is having on the tech landscape, at least in Illinois, is a good thing because people are learning more about what's happening with their personal information,” Germain said.
- Snapchat Rolls Out Updates to Its AR Shopping Feature - dot.LA ›
- FTC Probes TikTok, Snap, Amazon and Twitter on User Data - dot.LA ›
- TikTok May Face $29M Fine in Data Privacy Settlement - dot.LA ›
- Snapchat Unveils New Filter for Wallis Annenberg Crossing - dot.LA ›
- Snapchat Unveils New Filter for Wallis Annenberg Crossing - dot.LA ›
Kristin Snyder is dot.LA's 2022/23 Editorial Fellow. She previously interned with Tiger Oak Media and led the arts section for UCLA's Daily Bruin.
Image Source: Waymo
Image Source: Snap
Image Source: Dodgers 
Image Source: ChatGPT