Federal Trade Commission Investigation Biometric Data Sharing
Last year, CPW covered a lawsuit won by Clarifai, Inc., a technology company specializing in artificial intelligence, when a federal court granted its motion to dismiss claims filed under the Privacy Act Illinois Biometric Information (“BIPA”) in Stein v. Clarifai, Inc., No. 20 C 1937, 2021 US Dist. LEXIS 49516 (ND Ill. March 16, 2021). Although the court’s findings dismissed a putative class action lawsuit, the Federal Trade Commission (“the Commission”) had already opened an investigation into a 2014 data-sharing incident that gave rise to the litigation. Last month, the FTC took a big step to deepen this investigation into Match Group (“Match”), the parent company of the entity from which Clarifai extracted facial data.
As a reminder, last year the Northern District of Illinois found it had no personal jurisdiction over Clarifai, which the plaintiff claims violated BIPA by harvesting facial data from the dating site OkCupid without obtaining consent from website users or making necessary disclosures. The court found that Clarifai only sold data to two customers in Illinois, generating only seven cents in revenue; these de minimis sales were not sufficient to establish personal jurisdiction over Clarifai.
Although the civil litigation was dismissed last year, in 2020 the Commission issued a Civil Inquiry Request (“CID”) to Match, OkCupid’s parent company, as part of its investigation into the 2014 data sharing incident between OkCupid and Clarifai that gave rise to the litigation. The investigation, which remains ongoing, aims to determine whether “any unnamed individuals, partnerships, corporations or other individuals are engaging or may be engaging in deceptive or unfair acts or practices relating to consumer privacy and /or data security”, based on reports that Clarifai had obtained photos and user data from OkCupid and used the data in a facial database that Clarifai had built to train its facial recognition technology. .
Last month, the Commission filed a petition with the U.S. District Court for the District of Columbia seeking compliance with the CID. While the petition acknowledges that Match produced reactive documents, the Commission says many other documents and communications related to the data-sharing incident have been withheld since 2020 based on “inappropriate and overbroad claims of secrecy. lawyer and the doctrine of work product”. .” The petition asks that Match produce the documents he withheld, or, alternatively, that the Court conduct a closed-door review of the documents.
© Copyright 2022 Squire Patton Boggs (USA) LLPNational Law Review, Volume XII, Number 167