The suit follows similar claims from a class action case Facebook settled for $650 million last year. That case alleged Facebook violated Illinois’ Biometric Information Privacy Act by storing data about people’s faces without their consent for its photo tag suggestion tool.
Facebook announced in November it would shut down its facial recognition system system that recognizes users’ faces in photos and can suggest they tag them. The company said as part of the initiative, it would delete individual facial recognition templates for more than 1 billion people.
Texas’ lawsuit claims Facebook violated state law by failing to gain users’ informed consent to collect their biometric data and also failing to destroy that data in a reasonable period of time. The suit claims Facebook violated these rights for Texans who did not even use the social media giant’s services, since the company allegedly collected facial identifiers on photos uploaded to its site whether those pictured were Facebook users or not.
Texas alleges Facebook violated the law by capturing facial recognition data without consent billions of times.
The state can enforce a civil penalty of up to $25,000 per violation of Texas’ Capture or Use of Biometric Identifier Act for each unlawful collection of a biometric identifier, disclosure of that data to a third-party and failure to destroy the data in a timely manner, according to the suit. Texas also alleges Facebook violated the state’s Deceptive Trade Practices Act by misleading consumers and asks for an additional $10,000 civil penalty for each violation of that law.
Paxton said at a press conference Monday that the total penalties could tally in the billions of dollars.
Texas claims that while Facebook marketed its tag suggestion tool, users did not fully realize that by accepting or rejecting tags, they were helping to train the company’s artificial intelligence system to continue to recognize those faces.
The plaintiffs charge that Facebook’s violations left Texans at risk for their personal information to be stolen.
“Unlike other identifiers, such as Social Security numbers, which can be changed when stolen or misappropriated, biometric identifiers are permanent,” the suit says. “Once a biometric identifier is captured, a bad actor can access and exploit the identifier for the rest of the victim’s life.”
Meta did not immediately respond to a request for comment on the Texas lawsuit.