On Friday, February 26, 2021, U.S. District Court Judge, Judge Donato approved a $650 million settlement of the privacy lawsuit against Facebook for allegedly using photo face-tagging and other biometric data without the consent of its users. This is one of the largest settlements for a privacy violation to date in the United States. We previously discussed this case last year in the blog post titled, “Class Actions and Privacy Laws – Could Facial Recognition Technology Be Changing the Face of the “injury-in-fact” Requirement for Class Actions?” As previously discussed, in the earlier post of February 2020, this class action was significant because of the standing issues it raised related to the “injury-in-fact” requirement under Article III of the Constitution.

Despite Facebook’s protestations, the Ninth Circuit ruled that the plaintiffs alleged a concrete and particularized harm sufficient to confer Article III standing and affirmed class certification. “Specifically, the panel concluded that the development of a face template using facial recognition invades an individual’s privacy and concrete interests.” Patel et al. v. Facebook, Inc., 932 F.3d 1264, 1273 (9th Cir. 2019).  As a result, Facebook was arguably left with few alternatives but to settle. This ruling and subsequent settlement is significant given that the Ninth Circuit appears to have paved the way for future rulings holding that the taking and loss of one’s private biometric data can constitute actual harm.  Therefore, companies that use facial recognition technology and other biometric data collection should put safeguards in place to guard against litigation risks; otherwise, they may face potential exposure in this growing area of privacy law litigation.