Facial Recognition Gaming Software Tests Illinois Biometric Privacy Law
Does every product that takes a full face scan and saves it in accessible files violate the Illinois Biometric Information Privacy Act? Apparently not.
A recent ruling rejected a game-player’s claim that the face-scanning procedure of a video game, or the game-maker’s alleged indefinite storage of a face-scan file, did not violate the Illinois biometric law finding that no material risk of harm was demonstrated. The game company was free to take detailed biometric readings from its customers and use those readings for game play as long as the game’s “terms and conditions” accurately described how the readings would be handled. Companies including immutable biometric customer files within their programs can learn from the logic of this case to build their contracts and procedures to withstand scrutiny under the Illinois biometric law.
In this case, decided earlier this month, a federal judge in New York rejected a proposed class action from gamers challenging the way a popular basketball video game series collects biometric data.
The NBA 2K15 and 2K16 games give players the chance to hoop it up alongside the likes of Stephen Curry and LeBron James. The games use face-scanning technology to create playable avatars of the gamers themselves on their PS4 and Xbox systems.
In October 2015, plaintiffs sued Take-Two Interactive Software over the “MyPlayer” feature. The plaintiffs claimed a violation of the Illinois Biometric Information Privacy Act, and alleged Take-Two had failed to obtain informed consent in collecting the biometric data.
However, U.S. District Court Judge John Koetl dismissed the complaint with prejudice, saying the plaintiffs did not establish any injury as the result of playing the games and that Take-Two didn’t mislead gamers about how the biometric data would be used. The immutability of face scans did not weigh in the plaintiffs’ favor. Nor did a claim that Take-Two profited from the plaintiffs’ stored facial scans.
Judge Koetl writes, “The plaintiffs allege that they agreed to the MyPlayer terms and conditions, that NBA 2K15 scanned their faces to create personalized basketball avatars, and that the plaintiffs used their personalized basketball avatars for in-game play. The plaintiffs thus allege that the MyPlayer feature functioned exactly as anticipated. There is no allegation that Take-Two has disseminated or sold the plaintiffs’ biometric data to third- parties, or that Take-Two has used the plaintiffs’ biometric information in any way not contemplated by the only possible use of the MyPlayer feature: the creation of personalized basketball avatars for in-game play.”
Under new statutes like the Illinois law, capturing, storing and using consumer biometric information is a significant risk. This case shows that courts will not automatically assume the worst on behalf of the general public.