Texas: Meta to pay $1.4 billion for use of facial recognition
Facebook’s parent company Meta has agreed to settle a lawsuit in Texas for the sum of $1.4 billion. Texas Attorney General Ken Paxton announced the settlement on Tuesday. He had accused the company of illegally collecting and using the biometric data of millions of users.
At the center of the lawsuit was a now-discontinued feature on Facebook that automatically recognized users in photos and suggested them for tagging. The site first tested the tool in 2010 and officially introduced it the following year. At that time the feature was automatically activated on all users’ accounts.
Thanks to its new feature, Facebook was able to compile a massive databank of biometric data. In November 2021 the company shut down the feature worldwide – declaring at the time that as part of the measure it would “delete more than a billion people’s individual facial recognition templates.” Biometric data like the data taken from photos of a person’s face is especially sensitive, because it cannot be changed. Data of this kind can be used to identify a person throughout their life.
Texas criticizes violations of law
In February 2022 Texas attorney general Paxton filed suit against Meta for its use of the facial recognition system and accused the company of capturing biometric data from millions of Texans without their consent. The company had done so, the lawsuit alleged, in violation of Texas’s Capture or Use of Biometric Identifier Act, which requires companies to obtain consent before collecting or using such data. The company also ran afoul of the state’s Deceptive Trade Practices Act.
“Unbeknownst to most Texans, for more than a decade Meta ran facial recognition software on virtually every face contained in the photographs uploaded to Facebook,” the attorney general’s office wrote in a Tuesday press release.
Meta dismissed the charges as baseless when the suit was first filed. Following the announcement of the settlement, a spokesperson for the company told Reuters that the company was “pleased to resolve the matter.” Meta “has continued to deny any wrongdoing,” Reuters reports.
“Largest settlement ever obtained”
According to the Texas attorney general’s office, the company will pay the $1.4 billion to the state over a period of five years. The penalty represents “the largest settlement ever obtained from an action brought by a single state” in a case involving data privacy. The previous largest settlement came in a 2022 case, when Google agreed to pay $392 million to a group of 40 states. Attorney General Paxton called the settlement announced Tuesday “historic.”
The Electronic Frontier Foundation (EFF), a civil liberties organization, cheered the settlement but added in a statement that “it also highlights the need to give consumers their own private right of action to enforce consumer data privacy laws.” In Texas only the attorney general has the authority to enforce the state’s law governing the capture of biometric data. The law has been in effect since 2001, but has not been publicly enforced until now. “State regulators do not always have the resources or the will to aggressively enforce consumer privacy laws,” the EFF writes. “That is why consumers should be empowered to bring lawsuits on their own behalf.”
The EFF also criticizes the settlement for not requiring Meta “to destroy any models or algorithms trained on Texas biometric data” – a measure the state initially sought when it filed the lawsuit.
This most recent settlement is now the second that Meta has agreed to in the US in connection with its facial recognition feature: in 2020 the company paid $650 million to settle a class action suit in Illinois. Like Texas, the state has a law prohibiting companies from collecting and processing biometric data without individuals’ consent.
Years of criticism
Facebook’s facial recognition feature met with criticism in other countries as well. After the tool was first introduced in 2011, Johannes Caspar, who at the time was Commissioner of Data Protection in Hamburg, Germany, said that it violated both European and German data protection law. It was alarming, Caspar wrote, that behind the scenes Facebook was building up a data bank for the purposes of facial recognition. He demanded that Facebook delete the biometric data it had collected.
That same year, Caspar announced plans to take legal action against Facebook.
The company removed the feature in Europe in 2012, only to reintroduce it six years later. Now European users had to first activate the feature and consent to the processing of their biometric data, as required by the EU’s General Data Protection Regulation, which went into effect in 2018.
But the criticism didn’t stop: after the feature was reintroduced, Caspar again raised the alarm, saying that the technology made it possible to automatically identify and track individual users, and to create in-depth profiles. Furthermore, noting that some people had multiple accounts on social media, Caspar pointed out that facial recognition made it possible to link these accounts against those users’ will.
When it shut down the feature worldwide in 2021, Meta cited “growing societal concerns” about facial recognition. (dpa / js)