Facebook Defeats BIPA Face-Scanning Lawsuit–Zellmer v. Meta
It’s unexpectedly turned into “BIPA Week” here at the Technology & Marketing Law Blog. 🥳 Yesterday, I blogged about an unsuccessful BIPA challenge to PhotoDNA. Today, I’m blogging about an unsuccessful BIPA challenge to Facebook’s friend-tagging feature. Despite the festivities, I don’t actually enjoy blogging BIPA rulings–and especially not this confusing one from TAFS Judge Nelson, who recently authored the jurisprudence-breaking Calise v. Meta opinion.
Facebook’s tagging feature creates a “face signature” hash value of people’s faces. The appeals court explains:
Face signatures do not—and cannot—reveal information about a face’s geometric information. And they neither reveal facial features nor the distances between them. They are simply numbers—an abstract, numerical representation of the aligned face crop created in previous stages. No one—not even Facebook—can reverse-engineer the numbers comprising a given face signature to derive information about a person. And even if the reverse-engineering of a face signature were technically possible, face signatures exist for only a tiny fraction of a second—they are neither saved nor stored after the final stage of the Tag Suggestions process.
The appeals court disagrees the district court’s analysis (although it reaches the same outcome) because “the district court’s decision turned on the practical impossibility of Meta’s complying with BIPA if it had to obtain consent from everyone whose photo was uploaded to Facebook before it could employ Tag Suggestions.” Instead, the appeals court says:
The only relevant question is whether Meta has collected or captured Zellmer’s biometric data without his consent. If it has, then it has violated BIPA—even if Meta lacks privity with Zellmer.
(All of this sidesteps the jurisdiction, dormant commerce clause, and First Amendment implications of Illinois passing a law that putatively regulates biometric information globally).
Nevertheless, the appeals court agrees that there’s no statutory violation. The appeals court analyzes the “statutory text” definition of “biometric identifiers.” It says if “biometric data cannot identify an individual, it is not an identifier and thus not covered by BIPA….scans of face geometry fall within BIPA’s list, but are not covered by BIPA if they cannot identify a person.”
The court explains:
we conclude that the ordinary meaning of “identifier”—since it has an -er suffix—is “one that identifies.” We are persuaded that the term’s ordinary meaning informs its statutory meaning. As in Bond, where the statute’s reach was limited by the term’s ordinary meaning despite a statutory definition, applying the ordinary meaning of “identifier” would ensure that Meta is not forced to abandon key services that it offers its customers or risk perpetual liability. As Zellmer recognizes, these are the only two paths forward under his reading of the statute.
The appeals court makes two important jurisprudential moves in this passage. First, it deploys a modified textualist interpretation, overriding the statutory definition using “ordinary meaning” from a dictionary. Second, the appeals court bases its conclusion on policy considerations–ironically, the exact same considerations expressed by the district court that this court says got it wrong. 🤷‍♂️
The appeals court continues:
Meta argues that the undisputed evidence shows that face signatures cannot identify non-users. Given our interpretation of “biometric identifiers” and the “biometric information” derived from them, if Meta is correct, then face signatures are not biometric identifiers or information under BIPA.
The plaintiff pointed to several ways that face signatures in fact could identify individuals, all to no avail:
That a face signature can predict a person’s gender limits the pool of potential matches to approximately 50% of the population; this fails to identify anyone. Nor is a person’s age—standing alone or together with his or her gender—able to identify a person. Nor is the gender-identification always accurate: Zellmer himself erroneously matched to a woman from the face signatures that Meta created. As for the recognizable indicator being turned on, this means only that the image can advance to the standardization phase—Meta’s process for determining whether it can create a face signature. Put differently, the recognizable indicator allows Meta only to identify that a particular image contains a face. But this does not mean that Meta can, from that face, identify a person. Nor do the coordinates within the photos that can map out the size of a person’s face show that Meta can, from those coordinates, identify an unknown person.
This opinion is not easy to understand, but I think this panel is distinguishing between what computer scientists mean by “identifiable” and what data judges think qualifies as “identifiers.” Computer scientists can reidentify individuals with small but disparate scraps of data, including gender and age. This panel seems to be saying that a face signature doesn’t “identify” a person unless it does so without being combined with any other datasets. If that’s the test, then very few types of data will qualify as identifiers. But that interpretation would be wholly discordant with the computer scientists’ understanding of this issue.
It also ignores the modern reality that datasets are routinely combined. For example, if Facebook has a face signature of a non-accountholder, it can still combine that face signature with other data (say, the caption that the accountholder added to the uploaded photo) to identify the individual.
For that reason, I think this holding may break with that precedent. For example, in Rivera v. Google, the court defined “identifier” as data that can be used to identify a person. The appeals court seems to think that this language supports its conclusion that the data must “identify” the individual, when there is a technological (and I believe legal) distinction between “identify” and “can be used to identify.” Or maybe the judges still don’t understand why those two standards are in fact different?
The net consequence is that Facebook’s face signatures don’t violate BIPA. I’m not exactly sure how other courts will read this confusing opinion. If it stands, it will likely undermine many other BIPA cases as well because a lot of biometric data doesn’t identify the subject on a standalone basis.
Separately, BIPA has a records deletion obligation. The opinion also handles this in a confusing manner, saying the plaintiff doesn’t have standing to sue for alleged violations of that obligation because it’s linked to a violation of the identification obligation the court just said wasn’t violated. I’m not sure why the court relied on the standing doctrine if the case failed to satisfy the prima facie elements–it seems like the opinion conflates the two.
Because BIPA is an Illinois state statute, ordinarily the Ninth Circuit is not viewed as the leading expert on its interpretation. So I’ll be interested to see how influential this opinion becomes. If other courts try to follow it, I think BIPA litigation will slow down a lot. If other courts distinguish it, we could be on a path towards a circuit split that requires clarification from the Illinois Supreme Court or the U.S. Supreme Court.
Case Citation: Zellmer v Meta Platforms, Inc., 2024 WL 3016946 (9th Cir. June 17, 2024).
Selected BIPA Blog Posts
- Will Biometric Privacy Laws Undermine the Fight Against CSAM?–Martell v. X
- Do Mandatory Age Verification Laws Conflict with Biometric Privacy Laws?–Kuklinski v. Binance
- Illinois Supreme Court Authorizes Biometric Lawsuits Without Any Allegation of Harm–Rosenbach v. Six Flags
- Google Photos Defeats Privacy Lawsuit Over Face Scans–Rivera v. Google
- Illinois Users’ Face-Scanning Privacy Lawsuit Against Facebook Headed to Trial
- Face Scanning Lawsuit Against Shutterfly Survives Motion to Dismiss
- Facebook Gets Bad Ruling In Face-Scanning Privacy Case–In re Facebook Biometric Information Privacy Litigation
- Shutterfly Can’t Shake Face-Scanning Privacy Lawsuit