Facebook’s Landmark $550 Million Illinois Privacy Violations Settlement

Facebook’s Landmark $550 Million Illinois Privacy Violations Settlement
Michael Canty

Announced on Jan. 30, the settlement in Patel v. Facebook Inc. will establish a $550 million fund for a class of Illinois Facebook users who alleged the social media giant violated the state Biometric Information Privacy Act (BIPA) by its use of facial recognition software without users’ express consent.

Facebook’s settlement is noteworthy not only as the largest in a privacy-related lawsuit, but also because it will be a point of reference for lawmakers in many other states and in Congress, where biometric privacy laws similar to Illinois’ BIPA are under consideration. Currently, only a handful of states have enacted biometric privacy laws. States are looking hard at the Illinois statute and now also will be looking at the Facebook settlement in developing similar laws.

Illinois’ BIPA, enacted in 2008, is the oldest state biometric privacy law and the most stringent, and it has stirred controversy because it is the only biometric privacy statute that provides for a private right of action for monetary damages for a violation. Hundreds of lawsuits have been brought in the state under the BIPA law and some observers have argued that it’s unleashed excessive litigation and may have a chilling effect on tech innovation. However, Mr. Canty believes that the Illinois law is working as intended.

The reality is that in Illinois they wanted a private right of action, and they got results – from that perspective, the class action remedy has proven effective. In Illinois, they are not trying to thwart innovation, they are looking out for the privacy of the consumer. We all want to move forward with innovative technology, but consumers need to have protections with teeth. And allowing a private right of action is most efficient for bringing recoveries on behalf of injured parties. It was private firms that bore the risks and costs in the Facebook case. The reality is, as a plaintiff’s lawyer you’re incentivized to look for real fraud and real violations — our firm takes on cases that represent real fraud.

The Facebook litigation was brought in 2015 in Illinois, when three separate class actions alleged that Facebook violated BIPA with its “Tag Suggestions” feature. Edelson PC, Labaton Sucharow LLP, and Robbins Geller Rudman & Dowd LLP served as co-counsel for one of the actions. Facebook moved the cases to U.S. District Court for the Northern District of California, where the cases were consolidated under the caption Patel v. Facebook Inc.

In August 2019, the Ninth Circuit approved the class certification. Facebook requested a stay in the case while the company petitioned for a writ of certiorari in the Supreme Court.  The Court rejected the petition without comment and Facebook agreed to the settlement soon afterward.


Michael Canty is head of the consumer cybersecurity group at Labaton Sucharow