Case Analysis: Boone, et al. v. Snap, Inc.

Published on: | by

Boone, et al. v. Snap, Inc. is a significant case concerning biometric privacy and the application of the Biometric Information Privacy Act (BIPA) to social media platforms. The lawsuit alleges that Snap, Inc., which is the parent company of Snapchat, unlawfully collected, stored, and used biometric data without obtaining user consent, violating BIPA. This case is part of a broader trend of increasing litigation against tech companies over biometric data privacy concerns. This report provides an in-depth case analysis such as its background, legal arguments, court proceedings, and potential legal implications.

Case Background

Plaintiffs’ Claims

The plaintiffs alleged that:

  • Snap, Inc.’s Lenses and Filters feature captures users’ facial geometry without prior consent.
  • The company failed to provide users with a publicly-available written policy outlining data retention and destruction policies, as required by BIPA.
  • Users were not informed about how their biometric data was being collected, used, and stored.
  • Snap, Inc. profited from biometric data by utilizing it to enhance its advertising and facial recognition technology.

Snap, Inc.’s Defense

Snap has defended itself by arguing that:

  • Snapchat’s Lenses and Filters do not store biometric data in a form covered by BIPA.
  • The technology functions on-device and does not retain users’ facial recognition data.
  • Users voluntarily use these features, implying consent.
  • BIPA does not explicitly apply to transient data processing methods.

Legal Issues and Arguments

1. Application of BIPA to Social Media and AI Technology

One of the primary issues in this case is whether BIPA applies to Snapchat’s AI-powered features that use facial mapping to generate augmented reality effects. If the court finds that Lenses and Filters involve biometric data collection, other social media platforms using similar technology could face heightened legal scrutiny.

2. Consent and User Awareness

BIPA requires informed written consent before collecting biometric data. Plaintiffs argue that Snap did not sufficiently disclose its biometric data practices, while Snap contends that voluntary use of the app’s features constitutes implicit consent. The outcome may set a precedent for what level of disclosure is required from companies using biometric technology.

3. Retention and Destruction Policies

BIPA mandates that companies must have publicly available policies detailing how biometric data is retained and when it will be deleted. If Snap Inc. did not comply, it could face liability for failing to provide necessary disclosures, even if it did not improperly store biometric data.

4. Potential Damages and Liability

BIPA allows for statutory damages of $1,000 per negligent violation and $5,000 per intentional or reckless violation. If Snapchat is found liable, damages could be substantial, particularly given its vast user base.

Legal Implications

1. Increased Scrutiny on Tech Companies Using Biometric Data

A ruling against Snap would reinforce BIPA’s broad applicability and further restrict how tech companies implement facial recognition and augmented reality features.

2. Need for Stronger Privacy Policies

If the court rules in favor of the plaintiffs, other companies using biometric-enhanced features (such as Meta, TikTok, and Google) may need to adopt stricter privacy policies and enhance transparency around data collection.

3. Expansion of Biometric Privacy Laws Beyond Illinois

BIPA remains the strongest biometric privacy law in the U.S., but this case may encourage other states to enact similar laws, leading to a wave of litigation against tech firms.

4. Potential Settlements and Financial Impact

If Snap chooses to settle, it could follow the path of Facebook’s $650 million BIPA settlement in 2020. A large settlement may set a precedent for how tech firms handle biometric data lawsuits moving forward.

Conclusion

Boone, et al. v. Snap, Inc. is a pivotal case in the realm of biometric privacy and social media. The outcome could clarify the application of BIPA to transient biometric data processing, impact how companies obtain user consent, and lead to further regulatory measures in biometric data collection.

With increasing legal challenges against companies using facial recognition and AI-powered enhancements, businesses must proactively assess compliance with biometric privacy laws to avoid litigation and financial penalties. The ruling in this case may serve as a benchmark for future privacy regulations and enforcement actions in the digital age. Please visit www.atrizadeh.com at your earliest convenience for more information.