Facebook fails to throw out photo-tagging privacy lawsuit
Citizens claim Facebook's facial-recognition software violates privacy


Facebook's bid to kill off a lawsuit claiming its facial-recognition software violates users' privacy has been rejected by a US judge.
The software was used to help 'tag' people in photos on the site, and three Illinois residents filed a lawsuit against Facebook for violating the state's Biometric Information Privacy Act.
The act was passed in 2008, requiring companies to get consent from users before collecting or storing biometric data including 'faceprints'.
The judge ruled that the act had initially been passed by legislators in order to combat privacy issues posed by emerging biometrics technology from companies such as Facebook and Google.
"The court accepts as true plaintiffs' allegations that Facebook's face recognition technology involves a scan of face geometry that was done without plaintiffs' consent," US District Court Judge James Donato said, quoted by USA Today.
"The statute is an informed consent privacy law addressing the collection, retention and use of personal biometric identifiers and information at a time when biometric technology is just beginning to be broadly deployed.
"Trying to cabin this purpose within a specific in-person data collection technique has no support in the words and structure of the statute, and is antithetical to its broad purpose of protecting privacy in the face of emerging biometric technology."
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
However, Facebook hit back at the claims by arguing that 'faceprints' from photos uploaded to the site do not count as biometric data, and that photo-tagging is disclosed in its terms of service with an opt-out option.
Caroline has been writing about technology for more than a decade, switching between consumer smart home news and reviews and in-depth B2B industry coverage. In addition to her work for IT Pro and Cloud Pro, she has contributed to a number of titles including Expert Reviews, TechRadar, The Week and many more. She is currently the smart home editor across Future Publishing's homes titles.
You can get in touch with Caroline via email at caroline.preece@futurenet.com.
-
What is polymorphic malware?
Explainer Polymorphic malware constantly changes its code to avoid detection, making it a top cybersecurity threat that demands advanced, behavior-based defenses
-
Outgoing Kaseya CEO teases "this is just the beginning" for the company
Opinion We spoke to Fred Voccola who remains a key figurehead at the firm as it enters its next chapter...
-
UK businesses patchy at complying with data privacy rules
News Companies need clear and well-defined data privacy strategies
-
Data privacy professionals are severely underfunded – and it’s only going to get worse
News European data privacy professionals say they're short of cash, short of skilled staff, and stressed
-
Four years on, how's UK GDPR holding up?
News While some SMBs are struggling, most have stepped up to the mark in terms of data governance policies
-
Multicloud data protection and recovery
whitepaper Data is the lifeblood of every modern business, but what happens when your data is gone?
-
Intelligent data security and management
whitepaper What will you do when ransomware hits you?
-
How to extend zero trust to your cloud workloads
Whitepaper Implement zero trust-based security across your entire ecosystem
-
The threat prevention buyer's guide
Whitepaper Find the best advanced and file-based threat protection solution for you
-
Why The Matrix offers valuable lessons on data sovereignty for channel partners
Industry Insights Two decades on, there's much that the Matrix series can teach channel partners about data sovereignty