A federal judge in Illinois dismissed a class action lawsuit against the social network X, ruling that the photos it collected did not constitute biometric data under the state's Biometric Information Privacy Act (BIPA). The lawsuit alleged that X violated BIPA by using Microsoft's PhotoDNA software to scan for offensive images without proper disclosure and consent.
The judge concluded that the plaintiff failed to prove that the PhotoDNA tool involved facial geometry scanning or could identify specific individuals. Instead, the software analysed uploaded photos to detect nudity or pornographic content, which did not qualify as a scan of facial geometry under BIPA.
The ruling mirrors a recent case involving Facebook, where allegations of illegally collecting biometric data were dismissed. Both cases clarified that a digital signature generated from a photograph, known as a 'hash' or face signature, did not violate BIPA's definition of biometric identifiers.
The judge emphasised that BIPA aims to regulate specific biometric identifiers like retina scans or fingerprints, excluding photographs to avoid an overly broad scope. Applying BIPA to any face geometry scan that cannot identify individuals would contradict the law's purpose of ensuring notice and consent.
BIPA's private right of action has been a significant deterrent for biometrics companies, allowing users to sue for damages in cases of non-compliance.