This document is a class action complaint filed against Google alleging violations of the Illinois Biometric Information Privacy Act (BIPA). It alleges that Google uses facial recognition technology to scan photos uploaded to Google Photos, extract biometric identifiers like facial geometry, and create and store "face templates" without obtaining proper consent as required by BIPA. The complaint alleges Google's practices violate sections of BIPA requiring notice, consent, and data retention policies for collecting and storing biometric information and identifiers. It seeks damages on behalf of Plaintiff and other Illinois residents whose photos were scanned and face templates created by Google without consent.
Privacy & Security of Consumer and Employee Information - Conference MaterialsRachel Hamilton
The ever increasing use of social media by employees in the workforce, privacy violations with online behavioral advertising,and potential privacy and security risks associated with social media sites have prompted federal and state regulators to create stricter enforcement initiatives to protect the privacy of consumer and employee information. The industry is one step closer to a national cyber notification law which will not only pre-empt state notification bills but permanently change how companies and organizations respond to data breaches.
The Department of Justice prosecutes most large scale child porn cases. Darren Chaker uploads this in depth article about the intricate details prosecutors for the US Attorney to seek and obtain convictions and keep children safe.
Privacy and Access to Information Law - Lecture 1James Williams
The first lecture from Law 3040X.03, Privacy and Access to Information Law. This lecture was given in January 2013 at Osgoode Hall Law School, York University. The rest of our slides are for students only.
2014’s biggest winners and losers in privacy and securityGolden Locksmith
A security survey conducted by wired.com is put together by golden-locksmith-tx.com to display the 2014' biggest winners and losers in privacy and security.
When becoming defendants in the Marshall Islands with overwhelming evidence for torts, corporations GOOGLE, MICROSOFT, YAHOO et al elected to make sure they got off the hook: they brought their own bribed judge to "work" with their own unauthorized attorneys to defeat due course of law. Are these mega corporations above the law?
Privacy & Security of Consumer and Employee Information - Conference MaterialsRachel Hamilton
The ever increasing use of social media by employees in the workforce, privacy violations with online behavioral advertising,and potential privacy and security risks associated with social media sites have prompted federal and state regulators to create stricter enforcement initiatives to protect the privacy of consumer and employee information. The industry is one step closer to a national cyber notification law which will not only pre-empt state notification bills but permanently change how companies and organizations respond to data breaches.
The Department of Justice prosecutes most large scale child porn cases. Darren Chaker uploads this in depth article about the intricate details prosecutors for the US Attorney to seek and obtain convictions and keep children safe.
Privacy and Access to Information Law - Lecture 1James Williams
The first lecture from Law 3040X.03, Privacy and Access to Information Law. This lecture was given in January 2013 at Osgoode Hall Law School, York University. The rest of our slides are for students only.
2014’s biggest winners and losers in privacy and securityGolden Locksmith
A security survey conducted by wired.com is put together by golden-locksmith-tx.com to display the 2014' biggest winners and losers in privacy and security.
When becoming defendants in the Marshall Islands with overwhelming evidence for torts, corporations GOOGLE, MICROSOFT, YAHOO et al elected to make sure they got off the hook: they brought their own bribed judge to "work" with their own unauthorized attorneys to defeat due course of law. Are these mega corporations above the law?
Mitigating Risk of Website Accessibility Lawsuits3Play Media
Attempts to enforce ADA website compliance continue and may be increasing in some business verticals with the effects of the pandemic and the push to an all-on-line era. The need to make your websites more accessible to all is not a matter of if, but rather when. Accessible360’s Co-founder has been teaching CLE classes for several years, come learn what you can do now to make websites and apps available to more people, and how to reduce your risk.
https://digitalguardian.com/blog/social-engineering-attacks-common-techniques-how-prevent-attack
Statement of Michelle Richardson, Director, Privacy & Data
Center for Democracy & Technology
before the
United States Senate Committee on the Judiciary
GDPR & CCPA: Opt-ins, Consumer Control, and the Impact on Competition and Innovation
March 12, 2019
On behalf of the Center for Democracy & Technology (CDT), thank you for the
opportunity to testify about the importance of crafting a federal consumer privacy law that
provides meaningful protections for Americans and clarity for entities of all sizes and sectors.
CDT is a nonpartisan, nonprofit 501(c)(3) charitable organization dedicated to advancing the
rights of the individual in the digital world. CDT is committed to protecting privacy as a
fundamental human and civil right and as a necessity for securing other rights such as access to
justice, equal protection, and freedom of expression. CDT has offices in Washington, D.C., and
Brussels, and has a diverse funding portfolio from foundation grants, corporate donations, and
individual donations.1
The United States should be leading the way in protecting digital civil rights. This hearing
is an opportunity to learn how Congress can improve upon the privacy frameworks offered in
the European Union via the General Data Protection Regulation (GDPR) and the California
Consumer Privacy Act (CCPA) to craft a comprehensive privacy law that works for the U.S. Our
digital future should be one in which technology supports human rights and human dignity. This
future cannot be realized if people are forced to choose between protecting their personal
information and using the technologies and services that enhance our lives. This future depends
on clear and meaningful rules governing data processing; rules that do not simply provide
1 All donations over $1,000 are disclosed in our annual report and are available online at:
https://cdt.org/financials/.
2
people with notices and check boxes but actually protect them from privacy and security
abuses and data-driven discrimination; protections that cannot be signed away.
Congress should resist the narratives that innovative technologies and strong privacy
protections are fundamentally at odds, and that a privacy law would necessarily cement the
market dominance of a few large companies. Clear and focused privacy rules can help
companies of all sizes gain certainty with respect to appropriate and inappropriate uses of data.
Clear rules will also empower engineers and product managers to design for privacy on the
front end, rather than having to wait for a public privacy scandal to force the rollback of a
product or data practice.
We understand that drafting comprehensive privacy legislation is a complex endeavor.
Over the past year we have worked with partners in civil societ.
Presented by The National Underwriter Company, and brought to you by FC&S Legal:
Insurance coverage experts Anjali C. Das and Jerold Oshinsky provide a timely presentation on cyber liability insurance--offering practical tools and guidance on key insurance coverage issues.
Also included: The latest cyber policies—including a discussion of key policy provisions and leading cases that have interpreted the new policies.
Viewers will also find vital information on:
• Examples of the kinds of claims asserted for data breach and privacy
• Coverage under traditional policies: ISO Pre-2001 CGL; ISO Post-2001 CGL
• The evolution of case law for coverage under traditional policies
• Why corporate boards should pay attention to cyber risk, including statistics, D&O Exposure, and D&O Policies
A summarized version of the 60 page Rule broken down by Kirk J. Nahra, a partner with Wiley Rein & Fielding LLP in Washington, D.C. He specializes in privacy and information security litigation and counseling for companies facing compliance obligations in these areas. He is the Chair of the firm’s Privacy Practice. He serves on the Board of Directors of the International Association of Privacy Professionals, and edits IAPP’s monthly newsletter, Privacy Officers Advisor. He is a Certified Information Privacy Professional, and is the Chair of the ABA Health Law Section’s Interest Group on eHealth, Privacy & Security.
Data Privacy: What you should know, what you should do!
CSMFO Data Privacy in the Governmental Sector, Local Government. Data Privacy Laws, PCI, Breaches, AICPA – Generally Accepted Privacy Principles
This new publication, Cyber Claims Insight from Aon Benfield’s Cyber Practice Group, empowers readers with the resources and tools they need to understand the cyber landscape, including legal trends, claims and insurance coverage disputes.
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Financial Poise
The United States has no federal data security or privacy law covering all businesses or all U.S. citizens. Instead, federal agencies and individual states have created their own patchwork of laws and regulations which must be evaluated for their application to a business.
This webinar will help you navigate the overlapping and sometimes confusing system of laws and regulations which may impact your business, ranging from emerging state-level privacy legislation to the numerous data breach notification statutes to cybersecurity regulations with extraterritorial effect.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-us-privacy-and-data-security-regulations-and-requirements-2021/
IIAC Young Agents - Protecting Your Insureds\' Private InformationJason Hoeppner
Personal information security and breach notification requirements are topics that all independent insurance agencies need to be aware of and be prepared for operationally in the event of a loss of clients\' information.
Joint ad trade letter to ag becerra re ccpa 1.31.2019Greg Sterling
We strongly support the objectives of the California Consumer Privacy Act (CCPA), but we have notable concerns around the likely negative impact on California consumers and businesses from some of the specific language in the law. We provide this initial comment to provide you with information about the significant importance of a data-driven and ad-supported online ecosystem, industry efforts to protect privacy, and in section III of the letter draw your attention to several areas that can be addressed and improved through the rulemaking process. We will provide more detailed comments over the coming weeks.
a group of locksmiths has filed a new class action lawsuit against Google, Microsoft and Yahoo. They claim the search engines (Google in particular) are deliberately “flooding” organic results with “scam locksmith listings” known to be false.
In an extensive and lengthy argument, Amazon argues that interactions with the Alexa virtual assistant are free speech. That includes both the human speech commands and the AI/robot responses. Interestingly, Amazon cites Search King v. Google for the proposition that Alexa responses are like search results and entitled to the same editorial protections accorded Google under that ruling and related case law
European Court of Justice Press Release GS Media vs. SanomaGreg Sterling
[W]hen hyperlinks are posted for profit, it may be expected that the person who posted such a link should carry out the checks necessary to ensure that the work concerned is not illegally published. Therefore, it must be presumed that that posting has been done with the full knowledge of the protected nature of the work and of the possible lack of the copyright holder’s consent to publication on the internet. In such circumstances, and in so far as that presumption is not rebutted, the act of posting a clickable link to a work illegally published on the internet constitutes a ‘communication to the public’.
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence LawyersHarpreetSaini48
Discover how Mississauga criminal defence lawyers defend clients facing weapon offence charges with expert legal guidance and courtroom representation.
To know more visit: https://www.saini-law.com/
Lifting the Corporate Veil. Power Point Presentationseri bangash
"Lifting the Corporate Veil" is a legal concept that refers to the judicial act of disregarding the separate legal personality of a corporation or limited liability company (LLC). Normally, a corporation is considered a legal entity separate from its shareholders or members, meaning that the personal assets of shareholders or members are protected from the liabilities of the corporation. However, there are certain situations where courts may decide to "pierce" or "lift" the corporate veil, holding shareholders or members personally liable for the debts or actions of the corporation.
Here are some common scenarios in which courts might lift the corporate veil:
Fraud or Illegality: If shareholders or members use the corporate structure to perpetrate fraud, evade legal obligations, or engage in illegal activities, courts may disregard the corporate entity and hold those individuals personally liable.
Undercapitalization: If a corporation is formed with insufficient capital to conduct its intended business and meet its foreseeable liabilities, and this lack of capitalization results in harm to creditors or other parties, courts may lift the corporate veil to hold shareholders or members liable.
Failure to Observe Corporate Formalities: Corporations and LLCs are required to observe certain formalities, such as holding regular meetings, maintaining separate financial records, and avoiding commingling of personal and corporate assets. If these formalities are not observed and the corporate structure is used as a mere façade, courts may disregard the corporate entity.
Alter Ego: If there is such a unity of interest and ownership between the corporation and its shareholders or members that the separate personalities of the corporation and the individuals no longer exist, courts may treat the corporation as the alter ego of its owners and hold them personally liable.
Group Enterprises: In some cases, where multiple corporations are closely related or form part of a single economic unit, courts may pierce the corporate veil to achieve equity, particularly if one corporation's actions harm creditors or other stakeholders and the corporate structure is being used to shield culpable parties from liability.
A "File Trademark" is a legal term referring to the registration of a unique symbol, logo, or name used to identify and distinguish products or services. This process provides legal protection, granting exclusive rights to the trademark owner, and helps prevent unauthorized use by competitors.
Visit Now: https://www.tumblr.com/trademark-quick/751620857551634432/ensure-legal-protection-file-your-trademark-with?source=share
In 2020, the Ministry of Home Affairs established a committee led by Prof. (Dr.) Ranbir Singh, former Vice Chancellor of National Law University (NLU), Delhi. This committee was tasked with reviewing the three codes of criminal law. The primary objective of the committee was to propose comprehensive reforms to the country’s criminal laws in a manner that is both principled and effective.
The committee’s focus was on ensuring the safety and security of individuals, communities, and the nation as a whole. Throughout its deliberations, the committee aimed to uphold constitutional values such as justice, dignity, and the intrinsic value of each individual. Their goal was to recommend amendments to the criminal laws that align with these values and priorities.
Subsequently, in February, the committee successfully submitted its recommendations regarding amendments to the criminal law. These recommendations are intended to serve as a foundation for enhancing the current legal framework, promoting safety and security, and upholding the constitutional principles of justice, dignity, and the inherent worth of every individual.
Car Accident Injury Do I Have a Case....Knowyourright
Every year, thousands of Minnesotans are injured in car accidents. These injuries can be severe – even life-changing. Under Minnesota law, you can pursue compensation through a personal injury lawsuit.
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...Massimo Talia
This guide aims to provide information on how lawyers will be able to use the opportunities provided by AI tools and how such tools could help the business processes of small firms. Its objective is to provide lawyers with some background to understand what they can and cannot realistically expect from these products. This guide aims to give a reference point for small law practices in the EU
against which they can evaluate those classes of AI applications that are probably the most relevant for them.
Matthew Professional CV experienced Government LiaisonMattGardner52
As an experienced Government Liaison, I have demonstrated expertise in Corporate Governance. My skill set includes senior-level management in Contract Management, Legal Support, and Diplomatic Relations. I have also gained proficiency as a Corporate Liaison, utilizing my strong background in accounting, finance, and legal, with a Bachelor's degree (B.A.) from California State University. My Administrative Skills further strengthen my ability to contribute to the growth and success of any organization.
1. UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF ILLINOIS
JOSEPH WEISS, individually and on behalf of
all others similarly situated,
Plaintiff,
v.
GOOGLE INC.,
Defendant.
Civil Action No.
(JURY TRIAL DEMANDED)
CLASS ACTION COMPLAINT
Plaintiff Joseph Weiss (“Plaintiff”), individually and on behalf of all others similarly
situated, brings this Class Action Complaint for violations of the Illinois Biometric Information
Privacy Act, 740 ILCS 14/1, et seq. (the “BIPA”), against Google Inc. (“Google”), and alleges
as follows based on personal knowledge as to himself, on the investigation of his counsel and
the advice and consultation of certain third-party agents as to technical matters, and on
information and belief as to all other matters, and demands trial by jury:
NATURE OF ACTION
1. Plaintiff brings this action for damages and other legal and equitable remedies
resulting from the illegal actions of Google in collecting, storing and using Plaintiff’s and other
similarly situated individuals’ biometric identifiers1
and biometric information2
(collectively,
“biometrics”) without informed written consent, in direct violation of the BIPA.
1
A “biometric identifier” is any personal feature that is unique to an individual, including
fingerprints, iris scans, DNA and “face geometry,” among others.
2
“Biometric information” is any information captured, converted, stored, or shared based on a
person’s biometric identifier used to identify an individual.
Case: 1:16-cv-02870 Document #: 1 Filed: 03/04/16 Page 1 of 16 PageID #:1
2. 2
2. The Illinois Legislature has found that “[b]iometrics are unlike other unique
identifiers that are used to access finances or other sensitive information.” 740 ILCS 14/5(c).
“For example, social security numbers, when compromised, can be changed. Biometrics,
however, are biologically unique to the individual; therefore, once compromised, the individual
has no recourse, is at heightened risk for identity theft, and is likely to withdraw from biometric-
facilitated transactions.” Id.
3. In recognition of these concerns over the security of individuals’ biometrics –
particularly in the City of Chicago, which was recently selected by major national corporations
as a “pilot testing site[] for new applications of biometric-facilitated financial transactions,
including finger-scan technologies at grocery stores, gas stations, and school cafeterias” (740
ILCS 14/5(b)) – the Illinois Legislature enacted the BIPA, which provides, inter alia, that a
private entity like Google may not obtain and/or possess an individual’s biometrics unless it: (1)
informs that person in writing that biometric identifiers or information will be collected or
stored, see id.; (2) informs that person in writing of the specific purpose and length of term for
which such biometric identifiers or biometric information is being collected, stored and used,
see id.; (3) receives a written release from the person for the collection of his or her biometric
identifiers or information, see id.; and (4) publishes publically available written retention
schedules and guidelines for permanently destroying biometric identifiers and biometric
information. 740 ILCS 14/15(a).
4. In direct violation of each of the foregoing provisions of § 15(a) and § 15(b) of
the BIPA, Google is actively collecting, storing, and using – without providing notice, obtaining
informed written consent or publishing data retention policies – the biometrics of thousands of
unwitting Illinois residents.
Case: 1:16-cv-02870 Document #: 1 Filed: 03/04/16 Page 2 of 16 PageID #:2
3. 3
5. Specifically, Google has created, collected and stored, in conjunction with its
cloud-based “Google Photos” service, millions of “face templates” (or “face prints”) – highly
detailed geometric maps of the face – from millions of Illinois residents. Google creates these
templates using sophisticated facial recognition technology that extracts and analyzes data from
the points and contours of faces that appear in photos taken on Google “Droid” devices and
uploaded to the cloud-based Google Photos service. Each face template that Google extracts is
unique to a particular individual, in the same way that a fingerprint or voiceprint uniquely
identifies one and only one person.
6. Plaintiff brings this action individually and on behalf of all others similarly
situated to prevent Google from further violating the privacy rights of Illinois residents, and to
recover statutory damages for Google’s unauthorized collection, storage, and use of these
individuals’ biometrics in violation of the BIPA.
PARTIES
7. Plaintiff is, and has been at all relevant times, a resident and citizen of Chicago,
Illinois.
8. Google is a Delaware corporation with its headquarters at 1600 Amphitheatre
Parkway, Mountain View, California 94043. Accordingly, Google is a citizen of the states of
Delaware and California. Google is also registered to do business in Illinois (No. 65161605)
and maintains an office in Cook County, Illinois.
JURISDICTION AND VENUE
9. Jurisdiction is proper in this Court pursuant to the Class Action Fairness Act,
28 U.S.C. § 1332(d) (“CAFA”), because: (i) the proposed class consists of well over 100
members; (ii) the parties are minimally diverse, as members of the proposed class, including
Case: 1:16-cv-02870 Document #: 1 Filed: 03/04/16 Page 3 of 16 PageID #:3
4. 4
Plaintiff, are citizens of a state different from Google’s home states; and (iii) the aggregate
amount in controversy exceeds $5,000,000.00, exclusive of interests and costs. There are likely
millions of individuals who, while residing in Illinois, had their photos uploaded to Google
Photos even though they are not users of Google Photos. The estimated number of Illinois
residents impacted by Google’s conduct multiplied by the BIPA’s statutory liquidated damages
figure ($5,000.00 for each intentional or reckless violation and $1,000.00 for each negligent
violation) easily exceeds CAFA’s $5,000,000.00 threshold.
10. Google is subject to personal jurisdiction in Illinois because the photos of
Plaintiff giving rise to this lawsuit (i.e., the photos from which the illegal face templates were
derived) were captured on, and uploaded to Google Photos by Google Droid devices that were
shipped by Google into Illinois and purchased by Plaintiff in Illinois. Google is also subject to
personal jurisdiction in Illinois because it targets its facial recognition technology towards
millions of its users who are residents of Illinois, because Plaintiff and millions of other Illinois
residents had their biometric identifier(s) collected by Google from photographs uploaded and
tagged by Google users residing in Illinois, and because it maintains an office in Cook County,
Illinois.
11. Venue is proper in this District because Plaintiff resides in this District, and
because the claims alleged in this lawsuit arose in large part in this District.
FACTUAL BACKGROUND
I. Biometric Technology Implicates Consumer Privacy Concerns
12. “Biometrics” refers to unique physical characteristics used to identify an
individual. One of the most prevalent uses of biometrics is in facial recognition technology,
which works by scanning a human face or an image thereof, extracting facial feature data based
Case: 1:16-cv-02870 Document #: 1 Filed: 03/04/16 Page 4 of 16 PageID #:4
5. 5
on specific “biometric identifiers” (i.e., details about the face’s geometry as determined by facial
points and contours), and comparing the resulting “face template” (or “faceprint”) against the
face templates stored in a “face template database.” If a database match is found, an individual
may be identified.
13. The use of facial recognition technology in the commercial context presents
numerous consumer privacy concerns. During a 2012 hearing before the United States Senate
Subcommittee on Privacy, Technology, and the Law, U.S. Senator Al Franken stated that “there
is nothing inherently right or wrong with [facial recognition technology, but] if we do not stop
and carefully consider the way we use [it], it may also be abused in ways that could threaten
basic aspects of our privacy and civil liberties.”3
Senator Franken noted, for example, that facial
recognition technology could be “abused to not only identify protesters at political events and
rallies, but to target them for selective jailing and prosecution.”4
14. The Federal Trade Commission (“FTC”) has raised similar concerns, and
recently released a “Best Practices” guide for companies using facial recognition technology. 5
In the guide, the Commission underscores the importance of companies’ obtaining affirmative
consent from consumers before extracting and collecting their biometric identifiers and
biometric information from digital photographs.
3
What Facial Recognition Technology Means for Privacy and Civil Liberties: Hearing Before the
Subcomm. on Privacy, Tech. & the Law of the S. Comm. on the Judiciary, 112th Cong. 1 (2012),
available at https://www.eff.org/files/filenode/jenniferlynch_eff-senate-testimony-face_recognition.pdf
(last visited Mar. 1, 2016).
4
Id.
5
Facing Facts: Best Practices for Common Uses of Facial Recognition Technologies, Federal Trade
Commission (Oct. 2012), available at http://www.ftc.gov/sites/default/files/documents/reports/facing-
facts-best-practices-common-uses-facial-recognition-technologies/121022facialtechrpt.pdf (last visited
Mar. 1, 2016).
Case: 1:16-cv-02870 Document #: 1 Filed: 03/04/16 Page 5 of 16 PageID #:5
6. 6
15. As explained below, Google failed to obtain consent from anyone when it
introduced its facial recognition technology. Not only do the actions of Google fly in the face of
FTC guidelines, they also violate the privacy rights of Illinois residents.
II. Illinois’s Biometric Information Privacy Act
16. In 2008, Illinois enacted the BIPA due to the “very serious need [for]
protections for the citizens of Illinois when it [comes to their] biometric information.” Illinois
House Transcript, 2008 Reg. Sess. No. 276. The BIPA makes it unlawful for a company to,
inter alia, “collect, capture, purchase, receive through trade, or otherwise obtain a person’s or a
customer’s biometric identifiers6
or biometric information, unless it first:
(l) informs the subject . . . in writing that a biometric
identifier or biometric information is being collected or stored;
(2) informs the subject . . . in writing of the specific
purpose and length of term for which a biometric identifier or
biometric information is being collected, stored, and used; and
(3) receives a written release executed by the subject of
the biometric identifier or biometric information or the subject’s
legally authorized representative.”
740 ILCS 14/15 (b).
17. Section 15(a) of the BIPA also provides:
A private entity in possession of biometric identifiers or
biometric information must develop a written policy, made
available to the public, establishing a retention schedule and
guidelines for permanently destroying biometric identifiers and
biometric information when the initial purpose for collecting or
obtaining such identifiers or information has been satisfied or
within 3 years of the individual’s last interaction with the private
entity, whichever occurs first.
740 ILCS 14/15(a).
6
BIPA’s definition of “biometric identifier” expressly includes information collected about the
geometry of the face (i.e., facial data obtained through facial recognition technology). See 740 ILCS
14/10.
Case: 1:16-cv-02870 Document #: 1 Filed: 03/04/16 Page 6 of 16 PageID #:6
7. 7
18. As alleged below, Google’s practices of collecting, storing, and using
individuals’ biometric identifiers and information without informed written consent violate all
three prongs of § 15(b) of the BIPA. Google’s failure to provide a publicly available written
policy regarding their schedule and guidelines for the retention and permanent destruction of
individuals’ biometric information also violates § 15(a) of the BIPA.
III. Google Violates Illinois’s Biometric Information Privacy Act
19. In May 2015, Google announced the release of its photo sharing and storage
service called Google Photos. Users of Google Photos upload millions of photos per day,
making photographs a vital part of the Google experience.
20. The Google Photos app, which comes pre-installed on all Google Droid devices,
is set by default to automatically upload all photos taken by the Droid device user to the cloud-
based Google Photos service. Users can also connect other devices to Google Photos to upload
and access photos on the cloud-based service.
21. Unbeknownst to the average consumer, and in direct violation of § 15(b)(1) of
the BIPA, Google’s proprietary facial recognition technology scans each and every photo
uploaded to the cloud-based Google Photos for faces, extracts geometric data relating to the
unique points and contours (i.e., biometric identifiers) of each face, and then uses that data to
create and store a template of each face – all without ever informing anyone of this practice.7
22. The cloud-based Google Photos service uses these face templates to organize
and group together photos based upon the particular individuals appearing in the photos. This
technology works by comparing the face templates of individuals who appear in newly-uploaded
7
Google holds several patents covering its facial recognition technology that detail its illegal
process of scanning photos for biometric identifiers and storing face templates in its database without
obtaining informed written consent.
Case: 1:16-cv-02870 Document #: 1 Filed: 03/04/16 Page 7 of 16 PageID #:7
8. 8
photos with the facial templates already saved in Google’s face database. Specifically, when a
Google Photos user uploads a new photo, Google’s sophisticated facial recognition technology
creates a template for each face depicted therein, without consideration for whether a particular
face belongs to a Google Photos user or unwitting non-user, and then compares each template
against Google’s face template database. If there is a match, then Google groups the photo from
which the newly-uploaded face template was derived with the previously uploaded photos
depicting that individual.
23. These unique face templates are not only collected and used by Google Photos
to identify individuals by name, but also to recognize their gender, age, and location.
Accordingly, Google also collects “biometric information” from non-users. See 740 ILCS
14/10.
24. In direct violation of §§ 15(b)(2) and 15(b)(3) of the BIPA, Google never
informed Illinois residents who had their face templates collected of the specific purpose and
length of term for which their biometric identifiers or information would be collected, stored,
and used, nor did Google obtain a written release from any of these individuals.
25. In direct violation of § 15(a) of the BIPA, Google does not have written,
publicly available policies identifying their retention schedules, or guidelines for permanently
destroying any of these biometric identifiers or information.
IV. Plaintiff’s Experience
26. In approximately November 2013, Plaintiff purchased a Google Droid device
from a retail location in Illinois. In approximately July 2015, Plaintiff purchased another
Google Droid device from a retail location in Illinois.
Case: 1:16-cv-02870 Document #: 1 Filed: 03/04/16 Page 8 of 16 PageID #:8
9. 9
27. Since purchasing his Google Droid devices, Plaintiff has used those Droid
devices to take and upload numerous photos to his cloud-based Google Photos account.
28. Specifically, Plaintiff’s Google Photos account contains approximately twenty-
one (21) photos depicting Plaintiff that were taken with his Droid devices and automatically
uploaded to Google Photos by his Droid devices.
29. Upon upload to the cloud-based Google Photos storage service, Google
analyzed these photos by automatically locating and scanning Plaintiff’s face, and by extracting
geometric data relating to the contours of his face and the distances between his eyes, nose, and
ears – data which Google then used to create a unique template of Plaintiff’s face.
30. The resulting unique face template was used by Google to locate and group
together all photos depicting Plaintiff for organizational purposes.
31. Plaintiff’s face template was also used by Google to recognize Plaintiff’s
gender, age, race, and location.
32. Plaintiff never consented, agreed or gave permission – written or otherwise – to
Google for the collection or storage of his unique biometric identifiers or biometric information.
33. Further, Google never provided Plaintiff with nor did he ever sign a written
release allowing Google to collect or store his unique biometric identifiers or biometric
information.
34. Likewise, Google never provided Plaintiff with an opportunity to prohibit or
prevent the collection, storage, or use of his unique biometric identifiers or biometric
information.
Case: 1:16-cv-02870 Document #: 1 Filed: 03/04/16 Page 9 of 16 PageID #:9
10. 10
35. Nevertheless, when photos of Plaintiff were automatically uploaded to Google
Photos, Google located Plaintiff’s face in the photos, scanned Plaintiff’s facial geometry, and
created a unique face template corresponding to Plaintiff, all in direct violation of the BIPA.
CLASS ALLEGATIONS
36. Class Definition: Plaintiff brings this action pursuant to Federal Rules of Civil
Procedure 23(b)(2) and 23(b)(3) on behalf of a class of similarly situated individuals, defined as
follows (the “Class”):
All individuals who, while residing in the State of Illinois, had
their biometric identifiers, including “face templates” (or “face
prints”), collected, captured, received, or otherwise obtained by
Google.
The following are excluded from the Class: (1) any Judge presiding over this action
and members of his or her family; (2) Google, Google’s subsidiaries, parents, successors,
predecessors, and any entity in which Google or its parent has a controlling interest (as well as
current or former employees, officers and directors); (3) persons who properly execute and file a
timely request for exclusion from the Class; (4) persons whose claims in this matter have been
finally adjudicated on the merits or otherwise released; (5) Plaintiff’s counsel and Google’s
counsel; and (6) the legal representatives, successors, and assigns of any such excluded persons.
37. Numerosity: The number of persons within the Class is substantial, believed to
amount to millions of persons. It is, therefore, impractical to join each member of the Class as a
named Plaintiff. Further, the size and relatively modest value of the claims of the individual
members of the Class renders joinder impractical. Accordingly, utilization of the class action
mechanism is the most economically feasible means of determining and adjudicating the merits
of this litigation.
Case: 1:16-cv-02870 Document #: 1 Filed: 03/04/16 Page 10 of 16 PageID #:10
11. 11
38. Commonality and Predominance: There are well-defined common questions
of fact and law that exist as to all members of the Class and that predominate over any questions
affecting only individual members of the Class. These common legal and factual questions,
which do not vary from Class member to Class member, and which may be determined without
reference to the individual circumstances of any class member include, but are not limited to, the
following:
(a) whether Google collected or otherwise obtained Plaintiff’s and the Class’s
biometric identifiers or biometric information;
(b) whether Google properly informed Plaintiff and the Class that it collected,
used, and stored their biometric identifiers or biometric information;
(c) whether Google obtained a written release (as defined in 740 ILCS 1410) to
collect, use, and store Plaintiff’s and the Class’s biometric identifiers or
biometric information;
(d) whether Google developed a written policy, made available to the public,
establishing a retention schedule and guidelines for permanently destroying
biometric identifiers and biometric information when the initial purpose for
collecting or obtaining such identifiers or information has been satisfied or
within 3 years of their last interaction, whichever occurs first;
(e) whether Google used Plaintiff’s and the Class’s biometric identifiers or
biometric information to identify them; and
(f) whether Google’s violations of the BIPA were committed intentionally,
recklessly, or negligently.
39. Adequate Representation: Plaintiff has retained and is represented by
qualified and competent counsel who are highly experienced in complex consumer class action
litigation. Plaintiff and his counsel are committed to vigorously prosecuting this class action.
Neither Plaintiff nor his counsel has any interest adverse to, or in conflict with, the interests of
the absent members of the Class. Plaintiff is able to fairly and adequately represent and protect
the interests of such a Class. Plaintiff has raised viable statutory claims of the type reasonably
expected to be raised by members of the Class, and will vigorously pursue those claims. If
Case: 1:16-cv-02870 Document #: 1 Filed: 03/04/16 Page 11 of 16 PageID #:11
12. 12
necessary, Plaintiff may seek leave of this Court to amend this Class Action Complaint to
include additional Class representatives to represent the Class or additional claims as may be
appropriate.
40. Superiority: A class action is superior to other available methods for the fair
and efficient adjudication of this controversy because individual litigation of the claims of all
Class members is impracticable. Even if every member of the Class could afford to pursue
individual litigation, the Court system could not. It would be unduly burdensome to the courts
in which individual litigation of numerous cases would proceed. Individualized litigation would
also present the potential for varying, inconsistent or contradictory judgments, and would
magnify the delay and expense to all parties and to the court system resulting from multiple
trials of the same factual issues. By contrast, the maintenance of this action as a class action,
with respect to some or all of the issues presented herein, presents few management difficulties,
conserves the resources of the parties and of the court system and protects the rights of each
member of the Class. Plaintiff anticipates no difficulty in the management of this action as a
class action. Class-wide relief is essential to compel compliance with the BIPA.
FIRST CAUSE OF ACTION
Violation of 740 ILCS 14/1, et seq.
(On Behalf of Plaintiff and the Class)
41. Plaintiff incorporates the foregoing allegations as if fully set forth herein.
42. The BIPA makes it unlawful for any private entity to, among other things,
“collect, capture, purchase, receive through trade, or otherwise obtain a person’s or a customer’s
biometric identifiers or biometric information, unless it first: (1) informs the subject . . . in
writing that a biometric identifier or biometric information is being collected or stored;
(2) informs the subject . . . in writing of the specific purpose and length of term for which a
Case: 1:16-cv-02870 Document #: 1 Filed: 03/04/16 Page 12 of 16 PageID #:12
13. 13
biometric identifier or biometric information is being collected, stored, and used; and
(3) receives a written release executed by the subject of the biometric identifier or biometric
information . . . .” 740 ILCS 14/15(b) (emphasis added).
43. Google is a Delaware corporation and thus qualifies as a “private entity” under
the BIPA. See 740 ILCS 14/10.
44. Plaintiff and Class members are individuals who had their “biometric
identifiers” collected and stored by Google’s facial recognition software (in the form of their
facial geometries extracted from digital photographs uploaded to Google Photos). See 740 ILCS
14/10.
45. Plaintiff and Class members are individuals who had their “biometric
information” collected by Google (in the form of their gender, age and location) through
Google’s collection and use of their “biometric identifiers.”
46. Google systematically and automatically collected, used, and stored Plaintiff’s
and Class members’ biometric identifiers and/or biometric information without first obtaining
the written release required by 740 ILCS 14/15(b)(3).
47. In fact, Google failed to properly inform Plaintiff or the Class in writing that
their biometric identifiers and/or biometric information were being “collected or stored” on
Google Photos, nor did Google inform Plaintiff or Class members in writing of the specific
purpose and length of term for which their biometric identifiers and/or biometric information
were being “collected, stored and used” as required by 740 ILCS 14/15(b)(1)-(2).
48. In addition, Google does not publicly provide a retention schedule or guidelines
for permanently destroying the biometric identifiers and/or biometric information of Plaintiff or
Class members, as required by the BIPA. See 740 ILCS 14/15(a).
Case: 1:16-cv-02870 Document #: 1 Filed: 03/04/16 Page 13 of 16 PageID #:13
14. 14
49. By collecting, storing, and using Plaintiff’s and the Class’s biometric identifiers
and biometric information as described herein, Google violated the rights of Plaintiff and each
Class member to keep private these biometric identifiers and biometric information, as set forth
in BIPA.
50. On behalf of himself and the proposed Class members, Plaintiff seeks:
(1) injunctive and equitable relief as is necessary to protect the interests of Plaintiff and the
Class by requiring Google to comply with the BIPA’s requirements for the collection, storage,
and use of biometric identifiers and biometric information as described herein; (2) statutory
damages of $5,000.00 for the intentional and reckless violation of the BIPA pursuant to 740
ILCS 14/20 (2), or alternatively, statutory damages of $1,000.00 pursuant to 740 ILCS 14/20(1)
if the Court finds that Google’s violations were negligent; and (3) reasonable attorneys’ fees and
costs and other litigation expenses pursuant to 740 ILCS 14/20(3).
PRAYER FOR RELIEF
WHEREFORE, Plaintiff Joseph Weiss, on behalf of himself and the proposed Class,
respectfully requests that this Court enter an Order:
A. Certifying this case as a class action on behalf of the Class defined above,
appointing Plaintiff as representative of the Class, and appointing his counsel as Class Counsel;
B. Declaring that Google’s actions, as set out above, violate the BIPA, 740 ILCS
l4/1, et seq.;
C. Awarding statutory damages of $5,000.00 for each and every intentional and
reckless violation of the BIPA pursuant to 740 ILCS 14/20(2), or alternatively, statutory
damages of $1,000.00 pursuant to 740 ILCS 14/20(1) if the Court finds that Google’s violations
were negligent;
Case: 1:16-cv-02870 Document #: 1 Filed: 03/04/16 Page 14 of 16 PageID #:14
15. 15
D. Awarding injunctive and other equitable relief as is necessary to protect the
interests of the Class, including, inter alia, an order requiring Google to collect, store, and use
biometric identifiers or biometric information in compliance with the BIPA;
E. Awarding Plaintiff and the Class their reasonable litigation expenses and
attorneys’ fees;
F. Awarding Plaintiff and the Class pre- and post-judgment interest, to the extent
allowable; and
G. Awarding such other and further relief as equity and justice may require.
JURY TRIAL
51. Plaintiff demands a trial by jury for all issues so triable.
Dated: March 4, 2016 Respectfully submitted,
By: /s/ Katrina Carroll
Katrina Carroll
kcarroll@litedepalma.com
Kyle A. Shamberg
kshamberg@litedepalma.com
LITE DEPALMA GREENBERG, LLC
211 West Wacker Drive, Suite 500
Chicago, Illinois 60606
Telephone: (312) 750-1265
AHDOOT & WOLFSON, PC
Robert Ahdoot*
radhoot@ahdootwolfson.com
Tina Wolfson*
twolfson@ahdootwolfson.com
Bradley King*
bking@ahdootwolfson.com
1016 Palm Avenue
West Hollywood, California 90069
Telephone: (310) 474-9111
Facsimile: (310) 474-8585
Case: 1:16-cv-02870 Document #: 1 Filed: 03/04/16 Page 15 of 16 PageID #:15
16. 16
CAREY RODRIGUEZ
MILIAN GONYA, LLP
David P. Milian*
dmilian@careyrodriguez.com
Frank S. Hedin*
fhedin@careyrodriguez.com
1395 Brickell Avenue, Suite 700
Miami, Florida 33131
Telephone: (305) 372-7474
Facsimile: (305) 372-7475
*Pro Hac Vice Application Forthcoming
Counsel for Plaintiff and the Putative Class
Case: 1:16-cv-02870 Document #: 1 Filed: 03/04/16 Page 16 of 16 PageID #:16