September 23, 2023

Volume XIII, Number 266


September 22, 2023

Subscribe to Latest Legal News and Analysis

September 21, 2023

Subscribe to Latest Legal News and Analysis

Defunct Photo App Agrees to Erase Biometric Data in FTC Settlement

The Federal Trade Commission recently entered the biometric fray. It settled with a now-defunct photo-storage app over its use of facial recognition technology. According to the FTC, the company engaged in a variety of deceptive and unfair acts, in violation of Section 5 of the FTC Act.

The company, Everalbum, Inc. operated an app that let users organize photos that they uploaded to the app. The app, Ever, had a “Friends” tool that used facial recognition technology to group photos by people’s faces. Everalbum told users it would only use facial recognition with consent. However, Friends was in an “opt in” mode only in jurisdictions with biometric laws (Texas, Illinois, Washington, and the European Union). For users in other locations, the technology was automatically turned on unless users opted out. This (being in opt-out mode) did not constitute the promised consent, according to the FTC.

Also of concern for the FTC was the fact that facial recognition technology was used by extracting images from uploaded photos and combining those with other images the company obtained from public datasets. The resulting datasets Everalbum created, the FTC alleged, were used to help develop Friends. The FTC was further concerned that Everalbum did not delete any users’ photos upon account deactivation, even though it represented that it would do so. Instead, Ever stored photos indefinitely.

While no civil penalties were imposed, Everalbum agreed to (1) delete all photos collected from users who deactivated their accounts and (2) delete “face embeddings” (i.e., the facial features used for facial recognition) unless the company had obtained express consent for their use. The settlement also establishes recordkeeping requirements. Everalbum also has to complete a compliance report in one year. In a supporting statement, Commissioner Chopra emphasized that absent more restrictions on the use of biometric technology, it was “critical that the FTC meaningfully enforce existing law to deprive wrongdoers of technologies they build through unlawful collection of American’s facial images and likenesses.”

Copyright © 2023, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XI, Number 20

About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

David M. Poell Business Trial Attorney Sheppard Mullin Chicago, IL

David Poell is an associate in the Business Trial Practice Group in the firm’s Chicago office, particularly focusing on the areas of consumer privacy and class action litigation.

Areas of Practice

David represents companies in a variety of class actions, multi-district litigations and other complex commercial litigation matters in state and federal courts. He specializes in defending corporate clients in high-stakes litigation matters involving federal consumer-protection statutes, privacy torts, unfair business practices, false advertising claims and large...