A federal appeals court has given the go-ahead to a class action lawsuit that claims Facebook face recognition for photos is illegal in Illinois…

Facebook applies face recognition to uploaded photos in order to suggest friends to tag. When you tag someone in one or more photos, Facebook will attempt to recognize that face in other photos to offer tag suggestions.

A group of Facebook users from Illinois claimed as long ago as 2015 that this was illegal in the state, violating the Biometric Information Privacy Act. Progress since then has been slow. It took until 2018 to get the case certified as a class action suit, but Facebook appealed, claiming that each case was unique and must be heard individually.

Reuters reports that Facebook’s argument has now been dismissed, allowing the class action suit to proceed.

Facebook had also argued that it had no case to answer.

The 3-0 decision from the 9th U.S. Circuit Court of Appeals in San Francisco over Facebook’s facial recognition technology exposes the company to billions of dollars in potential damages to the Illinois users who brought the case […]

“This biometric data is so sensitive that if it is compromised, there is simply no recourse,” Shawn Williams, a lawyer for plaintiffs in the class action, said in an interview. “It’s not like a Social Security card or credit card number where you can change the number. You can’t change your face.”

But Circuit Judge Sandra Ikuta ruled that it should proceed.

Although the law allows for relatively small amounts of damages, these would apply for every single tag suggestion, so the potential total sum could run into billions of dollars.

The court returned the case to US District Judge James Donato in San Francisco, who had certified a class action in April 2018, for a possible trial.

Illinois’ biometric privacy law provides for damages of $1,000 for each negligent violation and $5,000 for each intentional or reckless violation.

Facebook was recently fined a record $5 billion by the US Federal Trade Commission for the Cambridge Analytica scandal and other privacy breaches — a sum equivalent to around 9% of the company’s 2018 revenue.

Photo: Shutterstock