On November 12, 2020, Judge Nancy J. Rosenstengel of the US District Court for the Southern District of Illinois denied Apple Inc. (“Apple”) ‘s motion to dismiss a class action lawsuit alleging its facial recognition software violated biometric data Illinois Data Protection Act (“BIPA”) information. Judge Rosenstengel agreed Apple, however, that the federal court was not materially competent for parts of the complaint.
The case involves a group of Illinois residents who claim that Apple uses technology to collect facial geometry from user pictures stored in the Photos app on Apple devices. According to plaintiffs, this feature was pre-installed on Apple devices manufactured since mid-2016, and users have no option to remove or disable the software. They claim that Apple violated BIPA by collecting, owning, and benefiting from biometric information without the knowledge or consent of Apple device users. The class action lawsuit seeks to represent Illinois residents whose photo was saved on an Apple device using facial scanning technology and seek compensation for any alleged BIPA violation.
After Apple referred the case from the district court to federal court, Apple filed for dismissal on the grounds that the lawsuit did not belong in federal court because plaintiffs had failed to prove how they were harmed by facial recognition technology and therefore not stand in federal court could. Apple also contends that the facial scans are not associated with identifiable individuals and should not be considered identifiable under BIPA, and further contends that BIPA should not apply because facial recognition occurs on user devices and not from photo App is transferred to Apple. Apple also alleges that plaintiffs failed to show how Apple benefited from facial recognition technology.
Judge Rosenstengel referred the following two allegations back to the District Court for a lack of standing in the federal court: (1) the allegation that Apple held the biometric information without establishing a retention policy for when the information was destroyed, and (2) claims that Apple will profit from selling devices with facial recognition software. Judge Rosenstengel allowed claims that Apple violated the BIPA by collecting the biometric information to proceed in federal court and concluded that plaintiffs stand because they claim Apple was pre-collecting facial scans never received a declaration of consent in the photo app.
The judge concluded that at this point in the litigation there were still factual questions about the data collected by facial recognition technology and it is not yet clear whether BIPA applies. In particular, she noted that BIPA “fully” defines biometric information and includes scans of facial geometry in the definition. Taking into account all the allegations and all conclusions in favor of the plaintiffs, the judge wrote that this alleged violation would “cause specific, particular harm to the plaintiffs, since they were empowered to make informed decisions about the collection and storage of their biometric data eroded. “