We here at Revision Legal have written extensively about the need for businesses to protect consumer privacy with respect to data. Businesses are required to keep private consumer data secure from hacking and cybercriminal activity, and they must avoid collecting and misusing consumer data in violation of privacy laws and regulations. Some recent news with respect to settlements of class action lawsuits illustrates the point.
First, as reported here, Facebook — now called Meta — has agreed to pay $90 million to settle a class action lawsuit filed nearly 10 years ago alleging that Facebook marketed a browser plug-in that allowed Facebook to track consumers online even after consumers logged off from the Facebook website. As reported, Facebook properly obtained user consent to track users’ visits to third-party sites while logged into Facebook. However, Facebook’s Terms of Service indicated that tracking would cease when a user logged off. But, as alleged in the lawsuit, Facebook continued to collect user online usage data even after log-out.
Facebook was also charged with violating the federal Wiretap Act which prohibits individuals and businesses from intercepting communications between others without consent. Federal courts had previously ruled that Facebook was not a party to the communications and, thus, was required to have consent from its users to track internet use data.
As part of the settlement, Facebook has also agreed to segregate and delete the data that was unlawfully collected.
Second, as reported here, last year, Facebook agreed to pay $650 million to settle a class action case involving Facebook’s use of biometric data in violation of the Illinois Biometric Information Privacy Act (“BIPA”). The class action alleged that Facebook used facial recognition and other software to collect and harvest consumer biometric data — such as facial geometry and fingerprints — without consent and without disclosing the use of the data. Facebook also allegedly used similar technology to scan uploaded photos to harvest facial prints of non-users in violation of the BIPA.
As can be seen, Facebook’s violation of consumer privacy and unlawful data collection practices have been very expensive. It should be noted that Facebook continues to face lawsuits and actions from State governments with respect to these and other privacy violations.
In other news, as reported here, the Illinois Supreme Court has held that violations of the BIPA are NOT covered by Illinois workers compensation laws. Many employers have been sued under the BIPA for collecting biometric data like fingerprints without proper consents and disclosures. The employers argued that workers could not sue directly because such claims were preempted by the Illinois workers compensation regime. The Illinois Supreme Court rejected the argument. The court held that an invasion of a worker’s privacy was a distinct and different kind of injury than the physical and psychological injuries that are covered by workers’ compensation. If you have legal questions about consumer privacy, data security or other legal issues related to internet law, contact the trusted internet lawyers at Revision Legal at 231-714-0100.