Vimeo Is Storing Your Face Without Your Knowledge Claims Illinois Suit

On October 31, plaintiff Bradley Acaley filed a class action complaint against Defendant, Vimeo (Bradley Acaley v. Vimeo, Inc. 1:19-cv-07164), a video platform, for violating the Illinois Biometric Information Privacy Act (BIPA). The complaint alleged Vimeo’s illegal actions in collecting, storing, and using Plaintiff’s biometric identifiers and information without his written consent. According to the Illinois Legislature, “biometrics are unlike other unique identifiers that are used to access finances or other sensitive information … For example, social security numbers, when compromised, can be changed. Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, is at heightened risk for identity theft, and is likely to withdraw from biometric-facilitated transactions.”

The suit defines a biometric identifier as, “any personal feature that is unique to an individual, including fingerprints, iris scans, DNA and ‘face geometry,’ among others. Biometric information is “any information captured, converted, stored, or shared based on a person’s biometric identifiers used to identify an individual.”

The BIPA provides that a private entity like Vimeo may not obtain and/or possess an individual’s biometrics unless it meets certain criteria, which Vimeo did not meet.  These criteria include informing the individual in writing and receiving written release from the individual. The complaint states that Vimeo created, collected and stored thousands of face templates in Magisto, its cloud-based video editing service. The suit defines face templates as “highly detailed geometric maps of the face” from Magisto users. “Vimeo creates these templates using sophisticated facial recognition technology that extracts and analyzes data from the points and contours of faces that appear in photos and videos taken on mobile devices and uploaded to the Magisto app.” Acaley sued to enjoin Vimeo from further privacy violations and for recovery damages.

Magisto worked by having users upload videos and pictures to its platform; it would use artificial intelligence (AI) to analyze the content to edit the video. Magisto collected and stored thousands of ‘face templates’ from users for visual analysis. Acaley claims that through biometrics the platform was able to recognize his gender, race, age, and location without his permission. 

Vimeo is not the only tech platform that has been sued for biometric violations, Facebook faced a suit in 2015 regarding its use of biometrics, used as facial recognition to suggest friends to tag in photographs. The suit could cost Facebook billions in damages to the Illinois plaintiffs. Reuters reported that the 3-0 decision in the 9th U.S. Circuit Court of Appeals in San Francisco rejected Facebook’s motion to undo the class action over its use of facial recognition technology. Facebook could face billions of dollars in damages. Illinois biometric privacy law provides for damages of $1,000 for each negligent violation and $5,000 for each intentional and reckless violation. This class action could include 7 million Facebook users.