Skip to main content

Facial Recognition Privacy Lawsuits

The Lyon Firm is investigating BIPA violations, and filing Facial Recognition Lawsuits on behalf of plaintiffs nationwide
Nationwide Success

Hire a Personal Privacy Lawyer

It is prudent to hire an experienced biometric privacy lawyer who is knowledgeable in complex matters related to the collection, use, storage, and protection of facial recognition data and other biometrics — fingerprints, facial geometry, and iris scans. Our legal team can take the lead and guide you through the complicated legal process. 

With the help of new AI technologies and software, many tech companies have brought facial recognition products to market, often failing to respect the privacy rights of employees and consumers. As a result, recent face recognition lawsuits have been filed on behalf of plaintiffs nationwide.

Whether it is law enforcement, an employer or a retailer that uses facial recognition on their premises, they have a duty to adhere to privacy law and to obtain clear consent when an individual’s facial geometry data is collected and stored.

Several class action facial recognition lawsuits have been filed in the last few years, with plaintiffs and biometric privacy attorneys claiming that tech companies have taken advantage of ambiguous privacy regulations. While companies attempt to collect vast amounts of personal data, including consumer biometrics, privacy lawyers are pushing back, noting that companies not only have to get consent from each individual, but they have to demonstrate how they are going to use that information, and offer an explanation on why such programs are necessary.

With more and more companies using new technology with the assistance of AI software to identity consumers, there are several privacy rights at stake. Companies implement facial recognition systems at retailers or behind the scenes at the workplace and data privacy attorneys have filed related class action facial recognition lawsuits. 

If you believe your protected biometric data is being misused or being stored illegally, you be be eligible to file a privacy violation claim. 

Contact a Facial Recognition Lawyer to learn more about your privacy rights, and to consider taking legal action when companies violate existing biometric privacy law. Call for a free and confidential consultation.

Understanding Facial Recognition Technology

Facial recognition is a relatively new biometric security method of identifying or confirming a person’s identity using the unique facial geometry of their face. Facial recognition software is now used to identify people in photos, videos, or in real-time.

Most facial recognition systems rely on a massive database of photos to match an individual’s identity to photos on file. Face detection is now considered simple AI tech whereas a camera can detect and locate the image of a face. The image of the particular face in question is analyzed, reading the the geometry of a face. The individual face is digitized into a data set called a faceprint.

A faceprint is either entered into a database for future use or can be compared against a database of other known faces to find a match. The reliability of such technology varies widely. But even if the systems are accurate 99 percent of the time, this can cause major issues. The one percent of errors can result in serious security problems.

Facial recognition is used to unlock phones, to match watch lists in law enforcement, at airport security, to find missing persons, and ostensibly to “improve” retail experiences. Companies use this tech under the guise of helping consumers. Privacy lawyers are not so sure, especially when frequent data breach incidents leak this sensitive information.

What are the Risks of Companies Using Biometrics?

  • Data Security Incidents: In the last few years, dozens of data breach events have occurred, compromising valuable information, which often winds up on the dark web for criminals to manipulate. 
  • Biometric Data Misuse: there have been several lawsuits where plaintiffs have claimed that companies collected and shared their personal information without their consent, thereby violating their rights and resulting in a gross invasion of personal privacy.
  • Data Brokering: Some companies that collect personal data have been sued after they share or sell that data to third parties without the consent of consumers. 
  • Regulatory non-compliance: A few states have specific laws and regulations governing the collection, use, and protection of facial recognition data (including BIPA in Illinois, CCPA in California). 

Any of these violations can compromise your future security, and you may file a legal claim. Contact The Lyon Firm by calling (513) 381-2333 for a free consultation. Our lawyers are ready to review your privacy case. We aim to hold any negligent company accountable for their actions, and to compensate victims when damages occur. 

What Can Cybercriminals Do With Your Facial Recognition Data?

Biometric data breaches can leak very personal and unique data of individuals. Companies can profit from this data, and more nefarious bad actors can use this data in various fraud and identity theft schemes. 

photo of biometrics data privacy attorney Joe Lyon

Reviewing Face Recognition Privacy Violations

Why File a Face Recognition Lawsuit?

We believe very strongly that companies have aright to respect the privacy of individuals, whether they are employees or customers. Any company who collects and stores this kind of data has a duty to inform consumers, and to protect the data to the best of their ability. Should they fail to protect this sensitive information, or misuse it for profit, they may be held accountable by law. Plaintiffs can seek justice and rightful compensation under existing biometrics privacy law. 


  • This field is for validation purposes and should be left unchanged.

Facial Recognition Privacy FAQs

Can I File a facial recognition lawsuit?

You can consider legal action any time you believe a company is violating your privacy by collecting, storing and using personal data or your biometrics without prior consent.

Some companies and venues use facial recognition tech to clock in employees or identify potential security threats; airports use it at security checkpoints; casinos use it to bar blacklisted patrons; and retailers have increasingly used it to flag individuals suspected of shoplifting in the past. However, not only is the technology prone to making errors, implementing these tools may actually be illegal in some cases.

Thus, using biometric facial recognition systems still has its legal perils, and companies should be hesitant to adopt the technology without first assessing the personal privacy implications. While there are still not catch-all regulations in place at a federal level, there are limitations on how companies can collect or use personal information. Biometric facial recognition data like facial images should be protected under privacy law.

First and foremost, current biometric privacy law requires companies that collect facial geometry data to provide notice and obtain proper consent. Companies also have a duty to demonstrate that there are less-intrusive, traditional methods of identifying consumers if they want to implement such programs.

What are examples of facial recognition lawsuits?
  • Bumble, an online dating application, was sued after plaintiffs claimed the company profited from facial scans it collected from users without first receiving the required consent. A plaintiffs claimed Bumble failed to inform its users in writing during a “verification” process. The complaint also noted serious privacy concerns related to possible exposure to future privacy risk.
  • In June 2023, a class action facial recognition lawsuit was filed against Madison Square Garden (MSGE), alleging the company violated biometric privacy laws. The New York City Biometric Law “prohibits private companies from selling or otherwise profiting from the use of biometric information they collect.”
  • Facebook famously settled a huge case for hundreds of millions of dollars after the social media giant scanned photos for any recognizable faces. Facebook was ordered to pay $650 million after violating the Illinois BIPA law designed to regulate such invasive privacy practices.
  • Google was also named in a lawsuit for collecting and analyzing faces without “informed” consent.
  • The Federal Trade Commission (FTC) banned Rite Aid from using AI facial recognition technology for surveillance purposes after their software falsely tagged some consumers as shoplifters. An FTC statement said, “Rite Aid’s reckless use of facial surveillance systems left its customers facing humiliation and other harms, and its order violations put consumers’ sensitive information at risk.” The FTC has also ordered Rite Aid to notify consumers when their biometric info is enrolled and delete and direct third parties to delete images or photos collected using its AI facial recognition system. The FTC has warned against the increasing usage of consumer biometric information and the potential for data security concerns, privacy, and potential for bias and discrimination.

What States Have Biometric Regulations?

  • Texas has a law which provides that a person cannot capture a biometric identifier without a prior consent, and may not sell biometric data without consent. 
  • Illinois has the most cited biometric privacy law in their Biometrics Information Privacy Act (BIPA). Enacted in 2008, BIPA regulates the collection, use, storage, retention, and destruction of biometric identifiers and biometric information, such as fingerprints, voiceprints, face geometry, retina and hand scans. Companies in possession of biometrics may not profit from the data.
  • Washington passed biometric privacy legislation that prohibits any company or individual from entering biometric data into a database for a commercial purpose without providing notice or obtaining consent.
  • The California Consumer Privacy Act (CCPA) regulates the use of physiological, biological or behavioral characteristic identifiers, including DNA, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings.
  • New York has passed the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which broadens the definition of private information to include biometric information.
Your Path to Justice
What is Class Action Litigation?

Filing a Class Action facial recognition lawsuit is a complex and serious legal course and is only realistically possible to reach a fair settlement with the help of an experienced lawyer with the proper resources at their disposal. 

We work with some of the leading privacy law firms across the country to provide the best resources possible and to help build your data privacy case into a valuable settlement. The current legal environment is favorable for workers and consumers involved in biometrics privacy class actions.