Meta's $1.4 Billion Texas Biometric Settlement
August 8, 2024
Privacy Plus+
Privacy, Technology and Perspective
This week, let’s highlight Texas’s recent $1.4 Billion settlement with Meta stemming from its 2022 lawsuit accusing Meta of violating the Texas Capture or Use of Biometric Identifier Act (CUBI) and the Texas Deceptive Trade Practices Act (DTPA).
The Complaint:
The Complaint against Meta (formerly, Facebook) was based on allegations that Facebook unlawfully captured the biometric identifiers of Texans for a commercial purpose without their informed consent, disclosed those identifiers to others, and failed to destroy the collected identifiers within a reasonable time, all in violation of CUBI and the DTPA.
In the complaint, the state focused on Meta’s development of an “Artificial Intelligence empire on the backs of Texans,” alleging this “omnipresent empire was built on deception, lies, and brazen abuses of Texans’ privacy rights—all for Facebook’s own commercial gain.” “Texans who used Facebook social-media services were oblivious to the fact that Facebook—without their permission—was capturing biometric information from photos and videos that users had uploaded for the sole purpose of sharing with family and friends.” Even non-users’ biometric information was captured and exploited by Facebook, according to the complaint. “There can be no free pass for Facebook unlawfully invading the privacy rights of tens of millions of Texas residents by misappropriating their data and putting one of their most personal and valuable possessions—records of their facial geometry—at risk from hackers and bad actors all to build an AI-powered virtual-reality empire.”
You can review the complaint in its entirety by clicking on the following link:
The Settlement (along with our thoughts):
In 2020, we wondered when the Texas Attorney General (AG) would wake up to the potential windfall associated with the enforcement of CUBI. You can read that post, entitled “Go Ahead and Mess with Texas—The AG Won’t Mind?,” by clicking on the following link:
https://www.hoschmorris.com/privacy-plus-news/biometric-law-enforcement
It’s now 2024, and this is the first CUBI settlement. You can review the press release issued by the Texas Attorney General’s Office by clicking on the following link:
By contrast, consider the BIPA litigation tracker – now 44 single-spaced pages of cases and settlements, all brought by or on behalf of Illinois consumers under Illinois’ Biometric Information Privacy Act (BIPA).* To download that list, click on the following link:
https://www.stopspying.org/bipa-litigation-tracker
Consider also the billions previously paid by Meta for privacy violations, which, in fact, were referenced in the Texas complaint cited above.
Rather than offer duplicative commentary, we commend this post by the Electronic Frontier Foundation:
Its most important point, we think, is that this Texas settlement does little to take down the “Artificial Intelligence empire,” which Meta allegedly “built on the backs of Texans.” It requires payment for Meta’s past acts, and confirms CUBI’s notice-and-consent model going forward, but doesn’t actually require Meta to dismantle what Meta has built to date. In contrast, the Federal Trade Commission's approach of ordering the destruction of models trained on illegally collected data is noticeably more stringent.
It’s an interesting result when $1.4 billion can’t buy a trustworthy AI system. What will be the ultimate cost?
* Note that BIPA was amended this week to narrow liability—now, companies can only be liable for a single violation per person, rather than for each time biometric data is allegedly misused. For more on that development, you can click on the following link:
---
Hosch & Morris, PLLC is a boutique law firm dedicated to data privacy and protection, cybersecurity, the Internet and technology. Open the Future℠.