Ever wonder how Facebook is able to accurately guess who to tag in your pictures? It turns out its system of doing that might be illegal, at least in Illinois. Three residents of the state recently filed a lawsuit against the social media giant, claiming that the site’s facial recognition methods broke the law. The actual law in question is the Illinois’ Biometric Information Privacy Act (BIPA), which limits how private companies can use biometric data. The three users, Nimesh PatelAdam Pezen, and Carlo Licata, claim that Facebook illegally scanned their facial geometry and stored the information without their consent.

The statute aims to protect individuals from the “heightened risk of identity theft” of compromised biometric data, which includes fingerprints and scans of other physical features. The reasoning is that while information like credit cards and social security numbers can be changed, biometric data is forever linked to a specific person.

The case started in Illinois, but then moved to California. Facebook then tried to get the case tossed, saying that BIPA isn’t applicable, as California law governs the site. They also argued that BIPA doesn’t even cover their actual methods. Facebook’s method of tagging people’s faces in pictures involves measuring distances between facial features. They claim that does not fall under BIPA’s definition of a “biometric identifier.”

U.S. District Court Judge James Donato disagreed, saying that the Illinois law did apply, and that BIPA’s definition, which includes a “scan of hand or face geometry,” was sufficient enough to at least allow the claim. Judge Donato said that a trial will determine whether the facts of the case fall within BIPA’s definition.

[image via Shutterstock]

Tags: biometric data, facebook, facial recognition