Facebook Pays $650 Million for Privacy Violations

A federal judge has approved a $650 million settlement of a privacy lawsuit against Facebook, in what is being called the largest settlement for a privacy violation in history! 🤑

Facebook was sued in Illinois in 2015 for allegedly using its photo face-tagging feature and other user biometric data without its users’ consent. U.S. District Judge James Donato approved the settlement of the class-action lawsuit involving nearly 1.6 million Facebook users.

“It will put at least $US345 into the hands of every class member interested in being compensated,” Donato wrote in the judgement. But what did Facebook do, exactly?

What Did Facebook Do Wrong?

Facebook violated Illinois’ Biometric Information Privacy Act (BIPA), which allows consumers to sue companies that don’t get permission before harvesting biometric data. Biometric data in this context means stuff that can be used to identify and track you as an individual. This includes your fingerprints, palm prints, retina, DNA, facial characteristics, voice, and even body odor. 🦨

Collecting this type of data is nothing new. Police, for example, have been fingerprinting people for more than a century now. However, the scope of the collection by social media giants like Facebook is definitely new territory. Think about it: Facebook had 2.8 billion monthly active users during the last quarter of 2020. That’s a third of the human population on the entire planet!

Illinois was one of the first states in the U.S. to regulate the collection of biometric information without consent with the passage of BIPA in 2008. The law, which is among the strictest of its kind in the U.S., allows individuals to sue for damages for privacy violations. Tech companies can be fined between $1,000 to $5,000 per violation, depending on the seriousness of the case. 🤫

How Did Facebook Violate BIPA?

The lawsuit filed in 2015 accused Facebook of failing to get consent from its users before using its facial-recognition technology to scan uploaded photos and create digital “face templates.” Facebook allegedly used the templates to tag individuals in photos without obtaining written releases from the tagged individuals. 

The suit was filed by Chicago attorney Jay Edelson in April 2015 on behalf of Carlo Licata. The case was eventually moved to California federal court, where it obtained class-action status. Facebook proposed a $550 million settlement after appellate proceedings ended, but that was rejected for being too little. The social media giant then increased the amount to $650 million, which was accepted. 💵

Donato’s final approval of the “landmark result” means the settlement can now move forward. Out of the $650 million Facebook agreed to pay, almost $100 million was deducted in attorneys’ fees and expenses. $5,000 was awarded to each of the three named plaintiffs in the lawsuit. The rest will be distributed to all class members equally. 

The settlement class included approximately 6.9 million users who had face templates made by Facebook since it implemented its face-tagging feature in June 2011. To qualify, users had to have lived in Illinois for at least six months since 2011. Nearly 1.6 million claim forms were filed before the November 22 deadline, representing just 22% of the eligible users. Each of the 1.6 million Illinois class members can expect a check for $345 in the mail. 

“We are pleased to have reached a settlement so we can move past this matter, which is in the best interest of our community and our shareholders,” Facebook said in a statement. The platform reportedly changed the face-tagging system after the lawsuit was filed in 2015.

Have Other Social Media Platforms Violated BIPA?

Instagram was recently hit with a similar lawsuit that claims the platform also collected biometric data from users without consent. The suit filed in Illinois accuses Insta of using its face-tagging tool to automatically scan the faces of everyone in your posts—including people who don’t use Instagram and never agreed to its terms of services. 😑

The lawsuit was filed on behalf of Kelly Whalen, an Illinois resident who has used Instagram since 2011. Over 100 million Instagram users were reportedly affected, which means Instagram (or rather, Facebook) could end up being fined $500 billion if it’s found responsible! The fact that Facebook settled the last BIPA class-action suit sets a precedent and doesn’t bode for the company. 

TikTok has also recently settled a class-action lawsuit accusing it of privacy violations. It agreed to pay $92 million to settle almost two dozen federal lawsuits accusing it of collecting data from 89 million U.S. users without permission. The company allegedly harvested a lot of data from users, some of whom are just 9 years old, and sent it to servers in China. 

Why Is Online Privacy Such a Big Deal Lately?

Online privacy has become a controversial issue in recent years as more users become conscious of how much private data tech companies are collecting and selling to third parties for profit. Critics are calling for more oversight and stricter consumer data protection laws, but so far Illinois, Washington, and Texas are the only states to pass actual regulation. 

A lot of people don’t know their rights when it comes to online privacy. 🤨 If you feel your privacy on Facebook, Instagram, TikTok, or any social media platform has been violated, contact a social media attorney for help!