News

IT NEWS

Meta to pay $1.4 billion over unauthorized facial recognition image capture

Texas Attorney General Ken Paxton has announced a $1.4 billion settlement with Meta to “stop the company’s practice of capturing and using the personal biometric data of millions of Texans without the authorization required by law.”

The prime reason for the initial lawsuit that led to the settlement was Facebook’s “Tag Suggestions” feature that used facial recognition. This feature was rolled out in 2011 to “improve the user experience by making it easier for users to tag photographs with the names of people in the photo.”

However, Meta allegedly automatically turned this feature on for all Texans without explaining how the feature worked. This method made it possible to run facial recognition software on virtually every face contained in the photographs uploaded to Facebook, capturing records of the facial geometry of the people depicted, for a long time.

In 2019, Facebook said it had always given control to users about the use of face recognition technology to recognize users in photos, but it wasn’t until December 2017 that Facebook introduced settings that allowed users to manage whether Facebook used face recognition technology on their photos to suggest tags.

Texas’s “Capture or Use of Biometric Identifier” (CUBI) Act forbids companies from capturing biometric identifiers of Texans, including records of face geometry, unless the business first informs the person and receives their consent to capture the biometric identifier.

So, in February 2022, Attorney General Paxton sued Meta for unlawfully capturing the biometric data of millions of Texans without obtaining their informed consent as required by Texas law. Approximately two years after filing the petition, Texas reached a settlement agreement with Meta who will pay the state of Texas $1.4 billion over five years.

The face recognition setting is no longer available after Facebook reluctantly shut the Face Recognition system down by the end of 2021:

“Making this change required careful consideration, because we have seen a number of places where face recognition can be highly valued by people using platforms.

We believe facial recognition can help for products like these with privacy, transparency and control in place, so you decide if and how your face is used. We will continue working on these technologies and engaging outside experts.”

Personally, I feel since biometrics are increasingly used for identification by more important services than social media, those platforms have no business gathering them. Therefore, we welcome Facebook’s move away from this kind of broad identification and will closely follow its planned future move toward narrower forms of personal authentication.

We don’t just report on threats – we help protect your social media

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Cyrus, powered by Malwarebytes.