Nimesh Patel, aggrieved user of Facebook and Illinois resident, isn’t naive: He well understands that the social networking company collects information about him. But Facebook went too far for his liking when it collected certain intimate details about his physiognomy, such as how many millimeters of skin lie between his eyebrows, how far the corners of his mouth extend across his cheeks, and dozens of other aspects of his facial geometry that enable the company’s face recognition software to identify him.
Patel is a named plaintiff in a class-action lawsuit against Facebook alleging that the company’s use of face recognition technology violates an Illinois law passed in 2008. The Biometric Information Privacy Act (BIPA) sets limits on how companies can store and use people’s biometric identifiers, which the law defines as fingerprints, voiceprints, retina or iris scans, and scans of hand or face geometry. The case is scheduled for trial this October, and similar Illinois-based lawsuits are proceeding against Google and Snapchat. In the upcoming year, the courts will host a debate over who can keep our faces on file.