Federal judge Nancy Rosenstengel rejected Apple Inc.’s motion to dismiss a class action alleging its facial recognition feature violates the Illinois Biometric Information Privacy Act (BIPA) but agreed that the district court lacks subject matter jurisdiction over portions of the complaint.
Plaintiffs Roslyn Hazlitt, Jane Doe, by and through next friend John Doe, Richard Robinson and Yolanda Brown filed the putative class action on March 2 against Apple Inc. in St. Clair County Circuit Court. Apple removed the class action to the U.S. District Court for the Southern District of Illinois on May 6. They argue that Apple violated BIPA by collecting, possessing and profiting from their biometric identifiers.
However, Rosenstengel concluded that the plaintiffs have standing for their claims because they allege Apple never received informed consent before collecting face geometries within the Photos app.
Apple’s alleged violation “would create a concrete, particularized injury to plaintiffs, as their power to make informed decisions about the collection and storage of their biometric data has been eroded,” she wrote.
Both Apple and the plaintiffs recognize that BIPA only applies to entities “in possession” of or who “collect” biometric identifiers. However, Apple argues that “collect” is defined as those who “gain or regain control of,” and the plaintiffs argue that it means bring the data together into one place.
“Under either definition, at this stage - taking all allegations as true and making all inferences in favor of plaintiffs - the court finds that plaintiffs state a plausible cause of action to survive Apple’s motion to dismiss,” she wrote.
“As the facts develop, it may be that Apple cannot access any data stored on the device via its software or otherwise,” she continued. “The court accepts as true plaintiffs’ allegations that Apple collected, possessed, and exercised exclusive control over the biometric data extracted from plaintiffs’ photos within the photos app, and that Apple did not obtain plaintiffs’ consent in doing so.”
Rosenstengel held that the plaintiffs’ claims that Apple possessed and profited from their individual biometric data because it sold devices based upon its facial recognition technology should be remanded to St. Clair County Circuit Court but added that the plaintiffs' make general claims.
“Plaintiffs’ allegations are devoid of any particularized or concrete injury,” she wrote. “Plaintiffs do not, nor could they, claim to be personally or individually affected by Apple selling devices based on the facial recognition technology in its Photos App.”
As to whether or not facial templates qualify as biometric identifiers, Rosenstengel held that “several courts have determined that scans of photographs for facial geometry do qualify under the definition of biometric identifier.”
“The definition of biometric identifier explicitly includes scans of face geometry, which plaintiffs allege Apple collected without consent,” she wrote.
Even if Apple correctly reads biometric “identifier” to exclude data that does not actually identify a person, the plaintiffs sufficiently allege that the facial scans qualify as biometric identifiers at this stage in litigation, she added.
“The definition of biometric identifier explicitly includes scans of face geometry, which plaintiffs allege Apple collected without consent,” she concluded.
She wrote that if Apple is correctly reading biometric “identifier” to exclude data that does not actually identify a person, the plaintiffs sufficiently allege that the facial scans qualify as biometric identifiers at this stage in litigation.
Rosenstengel also rejected Apple’s argument that “because the plaintiffs seek heightened statutory damages under BIPA, they must allege scienter supporting recovery for intentional and reckless conduct and have failed to do so.”
She wrote that other courts have held that mental states do not need to be alleged to make a plausible claim under BIPA.
“Plaintiffs allege that Apple continues to collect faceprints from Illinois residents in violation of BIPA more than eleven years after BIPA’s enactment. These allegations are sufficient to create an inference that the conduct was either negligent or reckless,” she wrote. “As other courts have established, the states of mind with regard to BIPA only relate to possible recovery for each violation, which is not yet before the court.”
The BIPA complaint against Apple was filed by attorney Jerome Schlichter of Schlichter Bogard & Denton LLP in St. Louis on behalf of the purported class
According to the complaint, the plaintiffs allege Apple violated BIPA by collecting, possessing and profiting from their facial geometries through facial recognition. They claim the Apple Photos app uses a proprietary software and facial recognition technology to scan facial features from photographs, creating a “faceprint” for every person detected “‘without the knowledge or informed written consent of’ the user or others who may appear in the photographs.”
The plaintiffs acknowledge that the Photos app uses “on-device processing,” but argue that Apple is liable because it provides the app.
The plaintiffs seek class certification, including “all Illinois citizens whose faces appeared in one or more photographs taken or stored on their own Apple Devices running the Photos App from March 4, 2015 until present.”
They seek injunctive relief, actual damages, $5,000 in statutory damages for each intentional and reckless BIPA violation, $1,000 for each negligent BIPA violation, attorney’s fees and court costs.
Apple filed a motion to dismiss the complaint on June 12 through attorney Raj Shah in Chicago. The defendant argued that the complaint is “devoid of factual allegations that Apple Inc. engages in any of the conduct against which the Illinois Biometric Information Policy Act protects: a private entity’s unauthorized collection, possession, and disclosure of individuals’ unique and personal ‘biometric identifiers’ or ‘biometric information.’”
Apple argued that the plaintiffs fail to plead that the defendant, the device or the Photos app links facial scans from photos to identifiable individuals. It added that device users have control over whether to tag people in photos.
The defendant further argued that the complaint fails to allege that it actually collects the information at issue. The complaint alleges the information is stored in the memory on the specific Apple device, the motion states.
“The plaintiffs therefore resort to tenuous and never before used theories of vicarious or secondary liability as a basis for their BIPA claims against Apple,” the motion stated. “The Illinois legislature imposed no such liability in enacting BIPA, and courts routinely dismiss claims against device manufactures and software developers that, like here, allege nothing more than the sale of technology which allegedly created biometric identifiers or biometric information during operation by the end-user.”
In her ruling, Rosenstengel noted that Apple removed the complaint under the Class Action Fairness Act and then sought dismissal under the same act, which she called “unusual positioning.”
U.S. District Court for the Southern District of Illinois case number 3:20-cv-421