Two putative class action cases involving alleged violations of Illinois’ Biometric Information Privacy Act (“BIPA”) were recently dismissed by a federal judge in the US District Court for the Western District of Washington involving Microsoft and Amazon’s use of the Diversity in Faces (“DiF”) Dataset, a collection of publicly available photos from around the world, including links to photos of Illinois residents, that the companies downloaded in order to evaluate if it would improve diversity of its facial recognition products. According to court documents, neither company decided to use the DiF Dataset following the evaluations. On October 17, 2022, the judge granted separate motions for summary judgment filed by Microsoft Corporation and Amazon.com Inc., both Washington-based companies, finding that there was insufficient evidence to show that the defendants’ use of the DiF Dataset had “occurred primarily and substantially in Illinois” in accordance with Illinois’ extraterritoriality doctrine. The judge also granted Amazon’s request to seal the order on its motion for summary judgment.
According to the order on Microsoft’s motion for summary judgment, Plaintiff representatives Steven Vance and Tim Janecyk, were Illinois residents who uploaded digital photographs, including photos of themselves, to a photo-sharing website – photos that were ultimately included in the DiF Dataset. The plaintiffs filed lawsuits in 2020 against Microsoft and Amazon alleging that they violated BIPA Section 15(b) by collecting and obtaining their biometric data without providing required information or obtaining written releases, and violated BIPA Section 15(c) by unlawfully profiting from Plaintiffs’ biometric data. The Plaintiffs also filed claims for unjust enrichment and injunctive relief.
The judge granted the summary judgments after finding that the plaintiffs were not able to produce evidence that Microsoft and Amazon researchers responsible for downloading, reviewing and evaluating the DiF Dataset had any relevant connection to Illinois aside from the possibility that the Microsoft dataset may have been saved in a data center in Illinois. However, even if Plaintiffs could prove that Microsoft’s data was stored in an Illinois datacenter, the court held that BIPA only regulates the acquisition of the data and not the encrypted storage of data after it is acquired. After viewing the evidence in the light most favorable to Plaintiffs, the court also concluded that Plaintiffs failed to produce sufficient evidence from which a jury could reasonable find that the companies obtained a benefit, monetary or otherwise, from the biometric information or a benefit unjustly retained to the Plaintiffs’ detriment.