A Tale of Two (Small) Victories

Elizabeth M. Renieris
Berkman Klein Center Collection
3 min readFeb 7, 2020

What BIPA and SyRI-related developments tell us about the future of privacy

Photo by Annie Spratt on Unsplash

Despite an otherwise dystopian start to 2020, there have also been a few glimmers of hope in the early weeks of the new decade. These recent developments light a path forward in an otherwise dark digital future and remind us that the solution to our present woes may be hiding in plain sight.

Much of this hope stems from a small (< 1500 words) but mighty piece of legislation — the Illinois Biometric Protection Act or BIPA. BIPA prevents companies from collecting the biometrics of individuals without their prior informed written consent and prohibits the sale and profiteering off of biometric information.

In January, the Supreme Court denied Facebook’s petition to hear Patel v. Facebook, in which the plaintiffs alleged that Facebook’s facial recognition-enabled photo tagging suggestion tool violated their rights under BIPA. While Facebook argued that plaintiffs could not demonstrate a concrete injury, the Ninth Circuit found that the mere collection of the plaintiff's biometric information was a sufficient harm under the statute (i.e. an injury-in-fact). Approximately one week later, the tech giant agreed to settle the case for a record $550 million.

Patel may just be the tip of the iceberg in terms of BIPA-related litigation and class actions, which are proliferating. For example, controversial facial recognition startup Clearview AI is facing multiple class-action lawsuits under similar allegations that it violated plaintiffs’ rights under BIPA by scraping “publicly available” images of the individuals off of sites like Twitter, Google, and Facebook, among others. To date, at least three actions have been filed.

Incidentally, some of the sites whose images were scraped have responded with cease and desist letters to Clearview AI, demanding the images be taken down or deleted — demands predicated on alleged violations of their own terms and conditions (Facebook was the last to follow suit, perhaps because Facebook’s story literally started with the unauthorized scraping of images via its predecessor site Facemash). Nevertheless, the more interesting and relevant battles are happening in the courtroom and not in some white-shoe law firm’s…

Elizabeth M. Renieris
Berkman Klein Center Collection

Founder @ hackylawyer | Fellow @ Berkman Klein Center for Internet & Society | Fellow @ Carr Center at Harvard |CIPP/E, CIPP/US | Privacy, Identity, Blockchain