SAN FRANCISCO (CN) — A federal judge is allowing class privacy claims to continue against Meta from a class of Illinois consumers who say Meta took their voiceprints without permission in violation of an Illinois biometric privacy law.
The named plaintiff Natalie Delgado is an Illinois citizen who says that Meta took her voiceprint — a digital representation of a person's unique voice characteristics — without complying with the requirements of Illinois’ Biometric Information Privacy Act.
Delgado claims that Meta uses the audio input into Facebook or Messenger to create encoded data of the speaker’s voice, and that that data is then processed with an acoustical model that is then trained and further refined using the voice of a particular speaker such that the acoustical model can be used to recognize that user by voice.
Meta moved to dismiss the case, arguing that California law, not Illinois law, applied because the terms of service Delgado agreed to when she used Meta’s products contain a California choice-of-law clause.
U.S. Senior District Judge Susan Illston found in her 16-page opinion that Illinois had a materially greater interest in the outcome of the case than California, so Illinois law applies.
Illston cited 2015’s In re Facebook Biometric Information Privacy Litigation as precedent for using Illinois law, writing that many courts across the country have cited the case when applying Illinois law rather than the state law provided for in various technology companies’ user agreements when choice-of-law conflicts arise.
The plaintiffs in that case claimed that Facebook used facial recognition technology to extract and store users' biometric identifiers without their written consent in violation of the biometric privacy act. The case ended in a $650 million settlement in 2021.
“If California law is applied, the Illinois policy of protecting its citizens’ privacy interests in their biometric data, especially in the context of dealing with “major national corporations” like Facebook, would be written out of existence,” Illston wrote. “Illinois will suffer a complete negation of its biometric privacy protections for its citizens if California law is applied. In contrast, California law and policy will suffer little, if anything at all, if BIPA is applied.”
Illston wrote that Meta had failed to address the act in any cases it cited.
“Defendant instead relies on various cases analyzing consumer protection laws. But those cases provide little guidance to this court regarding BIPA’s application,” she wrote.
Even if BIPA applies, Meta had argued that Delgado has not plausibly alleged that Meta collected her voiceprint as opposed to her voice recording, or that the company has profited off of the use of her biometrics or failed to store and protect the data properly. Meta claims that a voiceprint is “something more” than a voice recording under the act, and Delgado must prove that Meta actually used the voiceprint.
Illston wrote that Meta’s arguments amounted to a heightened pleading standard, which wasn't appropriate at this stage of the case.
“The court disagrees with defendant that plaintiffs must specifically allege that defendant, in fact, ‘used’ their biometric data to determine their identities. Instead, plaintiffs must allege that defendant’s collection of their biometric data made defendant capable of determining their identities,” Illston wrote.
Illston did toss class claims that Meta does not properly protect private data once collected and leaves the data open to cyber-attacks, however, because the class has not put forward any evidence that ties to how Meta stores their biometric information, ill-gotten or otherwise, violating a section of the act that requires companies protect biometric information from disclosure
“The complaint provides no allegations regarding how Meta stores biometric data or how its practices fail to comply with the reasonable standard of care. Without more, the fact that a company has been and may again be subject to cyber-attacks does not make it plausible that the company has violated an industry-wide standard of care for purposes of Section 15(e) of BIPA,” Illston wrote.
Delgado first sued in federal court in California in August 2023 on behalf of herself and a putative class consisting of all natural persons in Illinois from whom Meta created, collected, captured, received, obtained or stored digital voice data, voice characteristics and/or a voice profile. Delgado, on behalf of the proposed class, seeks statutory damages under the act, an injunction and attorneys’ fees and costs.
Subscribe to Closing Arguments
Sign up for new weekly newsletter Closing Arguments to get the latest about ongoing trials, major litigation and hot cases and rulings in courthouses around the U.S. and the world.
Additional Reads
-
Supreme Court takes up prescription dog food, CBD products April 29, 2024 -
Federal labor law could be completely upended by this summer April 29, 2024
