Snap Inc., the parent company of Snapchat, has agreed to pay $35 million for violating users' privacy. The company violated the Illinois Biometric Information Privacy Act (BIPA) by collecting and storing facial recognition data from its users without their consent.
Does the company violate the Illinois Biometric Information Privacy Act?
Snapchat failed to ask for written consent before collecting and storing facial recognition data. The law requires no one to collect, use, process or store any biometrics collected from individuals unless they have given their explicit written consent.
What is the Illinois Biometric Information Privacy Act?
Snap's main issue is that it had collected user data, including face scans and fingerprints, without permission. The app had previously required users to consent to collect their data but changed this with an update.
The company failed to ask for written consent.
Snapchat's privacy policy did not say the company would collect facial recognition data from its users. The policy also didn't explain how Snapchat planned to use that information or how it planned to use it.
Snapchat's failure to ask for consent from users before collecting and storing this data violates California state law, which requires companies to get written permission before collecting data about their customers.
Snapchat's negligence exposed the data to third parties
Snapchat's negligence exposed the data to third parties. Snapchat's negligence in protecting user data left more than 4 million users vulnerable to identity theft and other privacy violations.
Snapchat's deceptive policies and practices deceived users about how their data was being handled.
From ignoring its security standards to misleading users about what information it collects and shares with third parties, Snapchat has been deceiving its users for years by failing to protect them from third-party exploitation of their personal information.
The settlement forces Snapchat to change its privacy practices
In the settlement, Snapchat must stop collecting and storing facial recognition data, delete all such data it has collected, destroy all copies of the data and purge any logs that contain information about users'; faces from its logs.
In 2020, Facebook had to pay a $550 million settlement in a similar function.
In 2020, Facebook had to pay a $550 million settlement for collecting biometric data and violating BIPA.
Biometric data is a person's unique physical features or behavioral characteristics used to identify them. Biometric data includes fingerprints, facial scans, retina scans, and voice patterns.
Facebook was collecting the biometric information of users without their consent or knowledge. They were also found to have collected this information from children, which is prohibited by BIPA.
To make matters worse, Facebook was also collecting this data and using it for marketing purposes! Wanting your phone number so you can be sent advertising? You got it! This is an example of why people say, "don't put all your eggs in one basket" – because when that basket breaks…
Google also paid $100 million for mishandling facial recognition data
Google was sued for violating the Biometric Information Privacy Act (BIPA), which requires companies to consent before collecting and storing biometric data.
The company also allegedly collected and stored face data from users who had never agreed to participate in the program and minors.
Conclusion
Snapchat is one of the world's most popular social media apps, with over 200 million users. But this settlement is just another example of how big tech companies are not doing enough to protect their users' privacy.
Today more people are learning about these violations and speaking up when they see others being deceived by deceptive practices such as the ones used by Snapchat. Other companies violating privacy laws will be held accountable!
Do not fall behind in the race for privacy. Have all your consent reports records up to date and along with a cookie banner on your website informing all your users about how and where their data will be used and/or shared. Remember, this is no longer an option but a mandate unless you are ready to pay millions of dollars in fines.
Or you can automate the entire process with the help of Adzapier Consent Management Platform and comply with not only the EU’s GDPR but also California CCPA/CPRA and all other global data privacy laws around the world in just a few clicks.