Skip to content
Jeremy-Telman
ContractsProf Blog
Official Blog of the AALS Section on Contracts

Facebook Has to Face Illinois’s Biometric Information Privacy Act

By ContractsProf Blog

 Facebook in Laptop

Facebook was sued recently by a number of Illinois residents for its “Tag Suggestions” program. The complaint alleges that Facebook’s facial recognition technology, employed to suggest to its users who they should be tagging in their uploaded photos, collected users’ biometric data derived from their faces, secretly and without procuring informed consent, in violation of Illinois’s Biometric Information Privacy Act (“BIPA”). Facebook moved to dismiss the complaint, in part on the fact that its Terms of Use require disputes with users to be governed by California law and therefore Illinois’ BIPA was not applicable. But the recent decision by the Northern District of California in In re Facebook Biometric Information Privacy Litigation, Case No. 15-cv-03747-JD (behind paywall), found that Facebook has to contend with Illinois’s BIPA. 

The court performed an analysis of whether or not Facebook’s Terms of Use was a binding contract on the user plaintiffs. Before registration, each of the users was required to click a box or a button that clearly indicated that by doing so, they were stating that they had read and agreed to the Terms of Use. Therefore, the court found that the Terms of Use were binding on the users. In addition, every time Facebook updated its Terms of Use, it sent each user an e-mail informing them of modifications, as well as placed a “jewel notification” on their Facebook feeds. Therefore, there was no real dispute that each user had agreed to the current Terms of Use. There was also no dispute that the Terms of Use contained a California choice-of-law provision. 

Nevertheless, the court refused to enforce the provision. The court noted that part of the test in evaluating whether to enforce a choice-of-law provision is to consider whether California’s law would be contrary to the “fundamental policy” of Illinois’s law and, if so, whether Illinois would therefore have a “materially greater interest” than California in the case at issue. Here, Illinois is one of only a few states with a statute concerning biometrics; California has no such statute. The court found that Illinois’s BIPA represented a fundamental policy of Illinois to protect its residents from unauthorized use of their biometrics, and that applying California law here instead of Illinois law would interfere with Illinois’s policy. In fact, the court noted, enforcing the choice-of-law provision would effectively eliminate any effectiveness of BIPA whatsoever, because there would be no ability for Illinois residents to protect themselves against national corporations like Facebook. Therefore, the court found, Facebook has to deal with Illinois’s BIPA, regardless of Facebook’s attempts to limit the relevant laws of its service to only California’s laws. 

This all leaves for another day whether the Tag Suggestions program actually does violate BIPA. 

Posted in:
Current Affairs, In the News, Recent Cases, True Contracts and Web/Tech