Court Dismisses Lawsuit Against Google's Facial Recognition Tech

A Class Action Complaint filed on March 1st, 2016 for violations of the Illinois Biometric Information Privacy Act was dismissed this weekend by federal judge Edmond E. Chang.

Face templates are created automatically when Google's users uploaded photos to their Google Photos cloud storage service. According to the lawsuit, these templates are used to identify different people in an uploaded picture so that pictures can be grouped by a particular individual.

"Google uses these face templates to compare the visual similarity of faces within Google  Photos  users’  private  accounts and  then  groups  photographs  with  visually  similar  faces  and  displays  the  groups  (called  “face  groups”)  to  the  users’  private  account,  id."

In the complaint, the plaintiffs claimed that these face templates used for the face-grouping feature brought "injury to their privacy interests." 

The lawsuit was filed by Lindabeth Rivera and Joseph Weiss who alleged that Google's automated biometric data collection methods were in direct breach of the Illinois Biometric Information Privacy Act, a law specifically designed to regulate these types of practices.

Google Photos facial biometric data not accessed by third parties

What's more, the two plaintiffs argued that Google didn't even ask for consent before generating the face templates, and "By not providing the required disclosure or obtaining the required consent, Plaintiffs argue that Google violated their right to control their own biometric identifiers and information, which Plaintiffs assert is a right of privacy."

However, the court said that "The Seventh Circuit has definitively held that retention of an individual’s private information, on its own, is not a concrete injury sufficient to satisfy Article III."

Moreover, the face templates were only used with Google Photos' face-grouping feature, and there was no evidence presented that they were shared with other users of the platform, or accessed by anyone outside the company or by unauthorized third parties.

Google did not (yet) monetize the Photos face templates

The Court concluded (.PDF) that "Plaintiffs cite to an article that describes ways in which Google’s facial recognition technology could be used in the future, including data mining, targeted advertisements, and filtering content, as well as an email chain among Google employees forwarding an article discussing similar “likely” uses."

Furthermore, "These exhibits only demonstrate future potential uses of Google’s facial recognition technology;  they do not suggest that Google currently employs these practices, that Google likely will do so in the future without consent, or that Google used Plaintiffs’ data in this way. So the evidence falls well short of a substantial likelihood that Plaintiffs will suffer any of those injuries."

Google previously suffered a number of high profile data breaches which affected millions of its users, with a couple of API bugs actually accelerating the shut down of the Google + platform, so a data breach affecting the Google Photos platform and its users in the future is also a strong possibility.