Twitter User Sues X Under BIPA After Software Collected Data From Photo Upload
X implemented software to police pornographic and other “not-safe-for-work” images uploaded to Twitter without adequately informing individuals who interacted with the social media platform “that it collects and/or stores their biometric identifiers in every photograph containing a face that is uploaded to Twitter,” alleges a Monday complaint (docket 1:23-cv-05449) in Cook County Circuit Court, Chancery division, Chicago. X, formerly known as Twitter, did so in violation of the Illinois Biometric Information Privacy Act (BIPA), alleged the complaint.
Plaintiff Mark Martell, a Chicago resident, alleges his biometric identifiers were collected, captured, otherwise obtained or stored by X in March when Martell tweeted a photograph that included his face. When Martell uploaded the photo, Twitter analyzed it for nudity, and in so doing, “collected, captured, and/or otherwise obtained,” stored and/or made use of Martell's biometric information, it said.
X’s practices of collecting, storing and using individuals’ biometric identifiers, without obtaining informed written consent, violate all three prongs of BIPA, said the complaint. Its failure to provide a publicly available written policy with a schedule and guidelines for retention and permanent destruction of individuals’ biometric identifiers and information violates BIPA Section 15(a), it said.
Twitter uses Microsoft PhotoDNA software to detect explicit images, said the complaint. PhotoDNA creates a unique digital signature, called a “hash,” of an image, which is then compared against hashes of other photos to find copies of the same image, it said. Twitter uses PhotoDNA in a manner that violates BIPA, which defines a biometric identifier as a retina or iris scan, fingerprint, voiceprint or scan of hand and face geometry, the complaint said. The creation of a unique image hash does not fall under any of BIPA’s carve-outs for biometric identifiers, it said.
X possesses hashes of all images uploaded to Twitter, meaning it actively 1) collects, captures, and/or otherwise obtains; 2) stores; and/or (3) makes use of the biometric identifiers of every person whose face appears in a photograph uploaded to Twitter, the complaint said. The company’s collection and use of Martell’s biometric identifiers “was, lamentably, not anomalous,” it said, and at no time did Twitter provide notice of the specific purpose and length of time for which his biometrics were being collected, stored and used.
Twitter didn’t ask Martell to provide consent for it to collect, store and use his biometrics, nor did it give him an opportunity to prevent the collection, storage or use of the data, nor give a schedule for retention and deletion of the data, said the complaint. By collecting Martell’s “unique biometrics without his consent, written or otherwise,” Twitter “invaded” Martell’s “statutorily protected right to privacy in his biometrics,” it said.
Martell requests for himself and the class statutory damages of $5,000 for each “intentional and reckless violation” of BIPA, or, alternatively, statutory damages of $1,000 for each violation that is found to have been committed negligently. He seeks awards of injunctive relief, pre- and post-judgment interest and reasonable litigation expenses, plus attorneys’ fees.