The Federal Trade Commission has finalized a settlement with Everalbum, Inc., a California-based photography app developer, concerning allegations that Everalbum was using facial recognition technology for its own internal purposes, despite public statements to the contrary. As part of the settlement, the Company is enjoined from certain practices and required to submit annual compliance reports to the FTC for the next ten years.
Everalbum provides a consumer-facing app called Ever, which enables users to upload photographs to various platforms and devices, including computers, mobile phones, and social media accounts. Ever then organizes the photographs, and stores them in a centralized, cloud-based data storage service.
According to the FTC’s complaint, Ever began using facial recognition technology in a new feature launched in February 2017. Despite public-facing statements that Everalbum would not apply facial recognition technology to users’ photos without their express consent, the ability to consent to such use was apparently only made available to users in certain states and the European Union (jurisdictions that have biometric privacy laws). All other users had the facial recognition feature automatically enabled. Additionally, while the company had stated that users’ pictures and information would be deleted once a user deactivated his/her account, Everalbum was actually retaining the images indefinitely.
The settlement requires Everalbum to obtain consumers’ express consent prior to using facial recognition technology on the users’ photographs and videos, and to delete the content of deactivated accounts. The company is also enjoined from misrepresenting the extent to which it collects, uses, discloses, maintains or deletes consumers’ photographs and videos. The company must submit a compliance report to the FTC one year from the settlement, and ensure compliance among principles, officers, directors, managers and employees for ten years.