The complaint alleges that Google collected, stored and used Plaintiff’s and other similarly situated individuals’ biometric identifiers and biometric information (collectively, “biometrics”) without informed written consent, in direct violation of the Illinois Biometric Information Privacy Act
A “biometric identifier” is any personal feature that is unique to an individual, including fingerprints, iris scans, DNA and “face geometry,” among others. “Biometric information” is any information captured, converted, stored, or shared based on a person’s biometric identifier used to identify an individual.
The Illinois Legislature has found that “[b]iometrics are unlike other unique identifiers that are used to access finances or other sensitive information.” “For example, social security numbers, when compromised, can be changed. Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, is at heightened risk for identity theft, and is likely to withdraw from biometric facilitated transactions.” Id.
As alleged, in recognition of these concerns over the security of individuals’ biometrics – particularly in the City of Chicago, which was recently selected by major national corporations as a “pilot testing site for new applications of biometric-facilitated financial transactions, including finger-scan technologies at grocery stores, gas stations, and school cafeterias”– the Illinois Legislature enacted the BIPA, which provides, inter alia, that a private entity like Google may not obtain and/or possess an individual’s biometrics unless it: (1) informs that person in writing that biometric identifiers or information will be collected or stored, see id.; (2) informs that person in writing of the specific purpose and length of term for which such biometric identifiers or biometric information is being collected, stored and used, (3) receives a written release from the person for the collection of his or her biometric identifiers or information, see id.; and (4) publishes publically available written retention schedules and guidelines for permanently destroying biometric identifiers and biometric information.
In direct violation of each of the foregoing provisions of § 15(a) and § 15(b) of the BIPA, Google is actively collecting, storing, and using – without providing notice, obtaining informed written consent or publishing data retention policies – the biometrics of thousands of unwitting Illinois residents.
Specifically, Google has created, collected and stored, in conjunction with its cloud-based “Google Photos” service, millions of “face templates” (or “face prints”) – highly detailed geometric maps of the face – from millions of Illinois residents. Google creates these templates using sophisticated facial recognition technology that extracts and analyzes data from the points and contours of faces that appear in photos taken on Google “Droid” devices and uploaded to the cloud-based Google Photos service. Each face template that Google extracts is unique to a particular individual, in the same way that a fingerprint or voiceprint uniquely identifies one and only one person.
Plaintiff brings this action individually and on behalf of all others similarly situated to prevent Google from further violating the privacy rights of Illinois residents, and to recover statutory damages for Google’s unauthorized collection, storage, and use of these individuals’ biometrics in violation of the BIPA.