Facebook fined $650 million for collecting facial recognition data inappropriately
Facebook has been ordered to pay $650 million as part of a settlement to Illinois residents for collecting facial recognition data without their consent. About 1.6 million affected users in Illinois will receive a little over $337 each, totaling $540 million. Another $110 million of the total imposed fine will go to the legal firms representing three residents who filed the original 2015 lawsuit.
Culmination of 2015 lawsuit against Facebook flouting Illinois biometric laws
The class-action lawsuit began with three Illinois residents catching Facebook breaking state law. The Biometric Information Privacy Act (BIPA) mandates taking consent to collect facial recognition data. The suit called out Facebook's "tag suggestions" feature for using facial recognition without user consent. The feature leverages facial recognition to identify individuals in photos and allows users to tag known friends within their circle.
What is the Biometric Information Privacy Act?
Adopted by Illinois in 2008, Biometric Information Privacy Act mandates all entities gathering biometric data to obtain informed consent from individuals. The scope extends to fingerprints, voice, "hand or face geometry," and ocular (retinal) scans. It also stipulates secure storage of the biometric data.
Facebook gets off easy; dodges $35 billion maximum fine
If the $650 million settlement figure seems bad, Facebook stood to lose up to $35 billion if it had continued with the case. It had initially tried to settle the case for $550 million, but the offer was thrown out by the judge. The full extent of the fine would have entailed anywhere between $1,000 to $5,000 per violation across 7 million affected users.
Facebook still smarting from the $5 billion Cambridge Analytica settlement
The FTC had slapped Facebook with a $5 billion fine for misappropriating user data. Recognized as one of the largest fines levied by the US government, the settlement was almost 20 times greater than any data security fine imposed worldwide. Although Facebook was under the federal scanner for its data-handling practices, the Cambridge Analytica scandal was the proverbial straw that broke the camel's back.