Instagram Agrees to $68.5 Million Settlement in Landmark Illinois Biometric Privacy Lawsuit

Instagram, a subsidiary of Meta Platforms, has reached a settlement of $68.5 million to resolve a class-action lawsuit stemming from alleged violations of the stringent Illinois Biometric Information Privacy Act (BIPA). This landmark settlement highlights the growing challenges tech companies face in adhering to state-specific biometric privacy laws.

The Illinois Biometric Information Privacy Act, enacted in 2008, is known for its comprehensive protections and demands for user consent in the collection of biometric data, including facial scans. The lawsuit against Instagram asserts that the platform's facial recognition feature, active from 2015 to 2021, contravened this law by collecting biometric information without adequate consent. The settlement encompasses Instagram users who were active on the platform between August 10, 2015, and the present.

Instagram has defended its position, contending that its facial recognition feature does not align with the legal definition of "facial recognition" as stipulated by BIPA. However, the feature was discontinued in November 2021. Affected Instagram users have until September 27 to file claims, and the settlement amounts will be determined based on factors such as the number of claimants and the duration of their Instagram usage. Comparable to a recent Facebook settlement, some users could receive settlement checks of up to $425. The final approval hearing for the settlement is scheduled for October 11.

Precedents and Implications for the Tech Industry

‍The settlement underscores the impact of Illinois' biometric privacy law on tech giants. Notably, Google and Snapchat faced similar lawsuits in 2022, resulting in settlements of $100 million and $35 million, respectively. The substantial settlement amount for Instagram highlights the escalating legal and financial repercussions for companies that mishandle biometric data.

While Illinois' BIPA is a standout example, other states have also implemented biometric privacy laws, albeit with varying degrees of stringency. Several states have introduced legislation or are considering bills that align with the principles of BIPA. Tech companies operating in this evolving landscape must navigate complex regulatory frameworks to ensure compliance and safeguard user biometric data.

The $68.5 million settlement between Instagram and plaintiffs underscores the far-reaching implications of Illinois' Biometric Information Privacy Act and serves as a warning to other tech companies. As the biometric privacy landscape evolves, companies must remain vigilant in upholding user privacy and adhering to state-specific regulations, lest they face substantial legal penalties and reputational damage.