A California federal judge approved a class action settlement on Feb 26th, pursuant to which Facebook is ordered to pay $650 million for violating Illinois privacy laws through a lawsuit filed in 2015. Still, this astronomical settlement might not even touch Facebook’s monetary bottom line.
The order from Judge James Donato will compensate nearly 1.6 million Illinois class members by at least $345, pending a final accounting of claims and expenses, with them receiving the funds “as expeditiously as possible.” Jay Edelson, a Chicago attorney who filed the lawsuit, told the Chicago Tribune that the checks could be in the mail within two months unless there is an appeal over the ruling.
In his decision, Judge Donato called it one of the largest privacy settlements ever and a “landmark result,” one of the largest settlements ever for a privacy violation. Continuing that it was “a major win for consumers in the hotly contested area of digital privacy.”
The Class action lawsuit started six years ago when Edelson sued Facebook, alleging it illegally collected biometric data to identify faces in violation of a 2008 Illinois privacy law—the Biometric Information Privacy Act (BIPA). This law requires companies gathering biometric information to obtain the specific consent of the user. It is one of the strictest such laws in the U.S. Similar laws have subsequently passed in Washington and Texas. Still, the BIPA remains the only law in the U.S. that allows private individuals to file for damages stemming from a violation. This damages provision prompted several class-action lawsuits, the first of which came on December 1, 2016, when a Cook County, Illinois judge approved a settlement for $1.5 million in a class-action lawsuit against L.A. Tan Enterprises, Inc. Each person filing a claim received between $125 and $150.
The action against Facebook alleged that the company did not acquire consent before gathering biometric information. Specifically, they alleged that Facebook’s practice of tagging people in photos using facial recognition without their consent violated state law. The case moved to Chicago federal court, then California federal court, where it got its class-action status.
The “class” included about 6.9 million Illinois Facebook users who had had a face template of themselves created and stored by Facebook after June 7, 2011. To join the class action, Facebook users needed to have been residents of the state of Illinois for at least six months over the last nine years. In all, nearly 1.6 million claim forms, translating to approximately 22% of eligible Illinois Facebook users, were submitted by the Nov. 23 cut-off date.
Out of the $650 million, Donato awarded $97.5 million in attorneys’ fees and about $915,000 in expenses, though, to be fair, they had been working on the case for six years. The court allocated $5,000 to each of the three named plaintiffs, with the rest being divided among all class members equally. In a statement to Agence France-Presse news agency, a Facebook spokesperson said, “we are pleased to have reached a settlement so we can move past this matter, which is in the best interest of our community and our shareholders.”
The automatic facial recognition tagging features were disabled by Facebook and made optional in 2019, tackling some privacy criticisms raised in the Illinois suit. Lawsuits were also lodged against Microsoft, Alphabet, and Amazon in July 2020, accusing them of breaking the same law.
As representatives at the federal and state level wrestle with potential measures to rein in big tech, the Illinois law gives one potential framework that other states could copy. A mish-mash of aggressive state laws governing how tech companies do business on a state-by-state basis is a regulatory future that could prove quite daunting for the big tech giants.