Texas AG Sues Meta For Biometric Data Collection

Meta has been slapped with another legal challenge, after Texas Republican attorney general Ken Paxton sued Facebook.

Paxton announced the lawsuit on Tuesday, alleging it captured and used biometric data of millions of Texans without their consent.

Concerns about Facebook and its facial recognition systems have been ongoing for the best part of a decade. In November 2021, Facebook finally closed down the use of facial recognition on its platform. It said it would delete individual facial-recognition templates for more than 1 billion people.

Texas lawsuit

But this has not stopped Texas attorney general Ken Paxton alleging in his lawsuit that Facebook has been storing millions of biometric identifiers contained in photos and videos uploaded by friends and family, who then used the social media app and its photo-tag suggestion tool.

The Texas AG alleged that this illegal activity, allowed Facebook to “exploit the personal information of users and non-users alike to grow its empire and reap historic windfall profits.”

The Texas AG alleged Meta “repeatedly captured biometric identifiers without consent billions of times, in knowing violation of Texas’ Capture or Use of Biometric Identifier Act and the Deceptive Trade Practices Act.”

“Facebook will no longer take advantage of people and their children with the intent to turn a profit at the expense of one’s safety and well-being,” said Paxton.

“This is yet another example of Big Tech’s deceitful business practices and it must stop. I will continue to fight for Texans’ privacy and security,” he added.

According to the lawsuit, Texas can enforce a civil penalty of up to $25,000 per violation of Texas’ Capture or Use of Biometric Identifier Act for each unlawful collection of a biometric identifier, disclosure of that data to a third-party, and failure to destroy the data in a timely manner.

The state’s Deceptive Trade Practices Act meanwhile has fine an additional $10,000 penalty per violation.

This means that if Meta were to lose, it could be facing billions of dollars in damages.

Decade of concern

This is not the first time that Facebook has been sued over its face recognition system.

Concerns about Facebook’s facial recognition first began to surface in 2011, but it wasn’t until September 2012 when Facebook, after investigation by the Office of the Data Protection Commissioner in Ireland, voluntarily removed its face recognition software in Europe.

It did so after the practice was deemed illegal, because it stored biometric data without users’ explicit consent.

But in 2018, Facebook took the introduction of the General Data Protection Regulation (GDPR) as an opportunity to reintroduce a controversial facial recognition for European users.

It gave users a single check box to tick to accept its use, but also gave users the option of clicking a “don’t allow” button to exclude the feature.

Meanwhile, Facebook’s decision to suspend facial recognition in 2012 for European users, and not US users, triggered a lawsuit in 2015 in Illinois.

The social networking giant was sued when Illinois users accused Facebook of violating that state’s Biometric Information Privacy Act in collecting biometric data.

The lawsuit began because of Facebook’s “Tag Suggestions” feature, which allowed users to recognise their Facebook friends from previously uploaded photos.

The lawsuit was filed in Illinois because its biometric privacy law provides for damages of $1,000 for each negligent violation and $5,000 for each intentional or reckless violation.

In August 2019, Facebook failed to quash the class action lawsuit, and in January 2020 it opted to end the lawsuit after it reached a $650 million settlement.