Facebook, Inc. (“Facebook”) amassed one of the most extensive facial- template databases in the world through the use of facial-recognition technology. However, Facebook is not alone; both private and public sector entities are heavily investing in improving their facial-identification technology. Facial geometry data are unique to each person and can be used to identify an individual. Once a facial image has been captured and stored in a facial-template database, “the individual has no recourse” because one cannot change facial geometry as quickly as a password or a social security number.
Although companies may use facial-recognition technology for valid purposes, uses of facial-recognition technology to target specific groups raise “questions around abuse, consent, weaponization, and discriminatory uses of this technology.” From a privacy standpoint, the potential use of facial-recognition technology to search against millions of photographs without the consent of “law-abiding citizens is a major privacy violation.” These concerns have fueled an increase in data privacy legislation as well as litigation, such as Patel v. Facebook, Inc.
Patel v. Facebook, Inc.: The Collection, Storage, and Use of Biometric Data as a Concrete Injury under BIPA, 50 Golden Gate U. L. Rev. 61