An Illinois federal court has dismissed a proposed class action alleging X Corp. violated the state’s Biometric Information Privacy Act (“BIPA”) through its use of PhotoDNA software to create “hashes” of images to scan for nudity and related content. The court held that Plaintiff failed to allege that the hashes identified photo subjects and therefore failed to allege that the hashes constituted biometric identifiers. Martell v. X Corp., 2024 WL 3011353, at *4 (N.D. Ill. June 13, 2024).
BIPA prohibits private entities from collecting or capturing “a person’s or a customer’s biometric identifier or biometric information” without first obtaining the subject’s informed consent, among other requirements. 740 ILCS 14/15(b). BIPA defines “biometric identifier” as “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry” and defines “biometric information” as any information “based on an individual’s biometric identifier used to identify an individual.” 740 ILCS 14/10.
In dismissing the complaint, the court agreed with X’s arguments that Plaintiff failed to plausibly allege (1) that the PhotoDNA software collects scans of facial geometry and (2) that the hashes identified photo subjects. First, the court rejected Plaintiff’s “conclusory” assertion that the creation of a hash from a photo that includes a person’s face “necessitates” creating a scan of facial geometry, saying, “The fact that PhotoDNA creates a unique hash for each photo does not necessarily imply that it is scanning for an individual’s facial geometry when creating the hash.” Id. at *2. The court distinguished Plaintiff’s allegation from those that withstood dismissal in a different case in which the plaintiff alleged that scans of photos “located her face and zeroed in on its unique contours to create a ‘template’ that maps and records her distinct facial measurements.” Id. at 3 (quoting Rivera v. Google Inc., 238 F. Supp. 3d 1088, 1091 (N.D. Ill. 2017)).Continue Reading Illinois Federal Court Dismisses BIPA Suit Against X, Holding “Biometric Identifiers” Must Identify Individuals