Snapchat settles for $35 million in Illinois biometrics lawsuit

Snap Inc., parent of instant messaging app Snapchat, has reportedly agreed to pay a $35 million settlement as part of a class-action lawsuit claiming it broke a key piece of Illinois privacy law.

Snapchat, the image-based messaging app that gained popularity in the 2010s, is also known for its wide array of lenses, which humorously alter a user’s appearance within a photo or video.

The complaint claimed that by “scanning the geometry of a person’s face” to apply the lenses, Snapchat is in violation of Illinois’ Biometric Information Privacy Act (BIPA). The plaintiffs were seeking $1,000 per negligent violation, and $5,000 per reckless violation.

BIPA prohibits private entities from collecting or obtaining a person’s biometric identifiers or information without first informing them in writing that this will occur, as well as outlining how long the data will be used and what for, and publishes its schedules and guidelines for destroying data.

Snapchat refutes the claim that it stores biometric data.

“While we are confident that Lenses do not violate BIPA, out of an abundance of caution and as a testament to our commitment to user privacy, earlier this year we rolled out an in-app consent notice for Snapchatters in Illinois,” Snap spokesperson Pete Boogaard told The Verge.

It remains a widely used social media platform, with over 88 million users in the US alone, according to Statista. However, user figures dramatically increase in younger age groups, with Snapchat itself claiming that over 75% of 13-34 year olds in over 20 countries today use Snapchat.

The settlement covers a broad time span, as any Snapchat user based in Illinois, who used its filters and lenses since November 17 2015, might be eligible for a payout. Individuals looking to submit a claim form have until 5 November to do so.

Unlike the UK or EU, the US has no federal data privacy legislation, instead relying on sets of local legislation that vary by state, as well as court convention.

The BIPA is a stringent piece of legislation, which sets out strict guidelines for the collection of biometric data. In June, Google was also hit with a lawsuit claiming that it had violated rights established by the BIPA, over the use of facial recognition in the Google Photos app. Without admitting wrongdoing, Google settled the suit in a $100 million payment.

Concern over the transparency of social media apps is a pressing issue, with apps such as TikTok having been accused by the FCC commissioner of being a China-backed surveillance tool, collecting sensitive information from US citizens.

Last week, it was announced that Oracle would be fulfilling a long-planned agreement with TikTok to receive and manage all of its US user traffic, and would regularly audit the company’s algorithms and use of data.