X

Facebook's newest privacy problem: 'Faceprint' data

A court case moves forward over whether the social network is breaking the law for not asking your explicit permission for scanning and storing your facial features.

Katie Collins Senior European Correspondent
Katie a UK-based news reporter and features writer. Officially, she is CNET's European correspondent, covering tech policy and Big Tech in the EU and UK. Unofficially, she serves as CNET's Taylor Swift correspondent. You can also find her writing about tech for good, ethics and human rights, the climate crisis, robots, travel and digital culture. She was once described a "living synth" by London's Evening Standard for having a microchip injected into her hand.
Katie Collins
2 min read
Thomas Trutschel, Photothek via Getty Images
Watch this: Facebook in trouble for storing information about your face

Facebook knows you so well these days that it can recognize you just by seeing your face. You may not have a problem with this, but that doesn't mean it's all good in the eyes of the law.

The social network lost the first round of a lawsuit on Thursday in which it is accused of "unlawfully" storing biometric data mined from people's photographs. The company was seeking to have the suit dismissed, but a federal judge in California rejected the request.

Facebook taps into its photo-tagging system to build up a geometric representation of people's faces to create something called a faceprint for each of its users. Faceprints are then used to suggest tags for people when new photos are uploaded to the network. The practice is outlined in the company's data policy, and users can opt out of having their face data collected.

One could argue that the clue is in the name, but many Facebook users probably don't know that they agree to having data about their face stored when they sign up. A group of Facebook users from Illinois has taken particular issue with this, accusing the social network of violating the Illinois Biometric Information Privacy Act for not seeking explicit consent to collect identifiers based on their physical features. If the law sides with the Illinois users, Facebook and other companies such as Google, which also uses facial recognition tech, might need to revisit their user agreements.

Facebook hoped to get the case thrown out on the grounds that its user agreement states any disputes should be governed solely by California law, but the judge decided that its terms do not protect the company from being subject to Illinois' biometrics act, saying in the ruling that the plaintiffs present a "plausible claim."

The company did not respond to a request for comment.

This is the far from the first time the social network has received pushback from users for not being explicit about details buried within its privacy policy. In the past such disputes have resulted in the social network becoming more transparent about privacy and security, making its setting and agreements easier for users to understand.