In a class action lawsuit filed in the U.S. District Court for the Northern District of Illinois, Clearview Al Inc. faces allegations that it uses facial recognition technology that violates the Illinois Biometric Information Privacy Act (BIPA). The complaint alleged that Clearview scraped over three billion images from various social media platforms and other online sources to create a facial recognition database. However, BIPA requires businesses to provide notice to consumers and obtain consent before collecting biometric data. In response, Clearview argued that BIPA violates the First Amendment in that BIPA inhibits Clearview’s ability to collect, use, and analyze publicly-available information because the company’s analysis of public faceprints is protected speech.

This week, District Judge Sharon Johnson Coleman ruled against Clearview’s argument. Judge Coleman  found that, even though Clearview uses publicly-available photos from websites and social platforms in creating its database, it also yields unique biometric identifiers which are not publicly available. Clearview’s actions are both speech and non-speech conduct, implicating the First Amendment, but Judge Coleman held that BIPA is narrowly tailored to only protect highly-sensitive biometric data of Illinois residents and to allow residents to share their information with consent.

Therefore, Judge Coleman denied Clearview’s motion to dismiss under several state laws, but did dismiss claims of unjust enrichment under New York law, and  alter ego claims against the company’s co-founders.

The suit will continue and, as Judge Coleman suggested, Clearview could argue its position in a motion for summary Judgment after the parties have completed discovery.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.