July 27, 2021

Volume XI, Number 208

Advertisement

July 27, 2021

Subscribe to Latest Legal News and Analysis

July 26, 2021

Subscribe to Latest Legal News and Analysis

FTC Settles Facial Recognition Data Misuse Allegations with App Developer

The proliferation of mobile devices and digital media allows consumers to take, post, and store more photos and videos than ever before. Since 2015, app developer Everalbum has operated the mobile app, Ever, which offers a means for users to store photos and videos on the company’s cloud servers. Everalbum told users they could deactivate their accounts at any time and the company would delete their images. According to a complaint from the Federal Trade Commission (FTC), however, despite assurances to the contrary, the company retained users’ photos and videos after they deactivated their accounts. In addition, Everalbum did more with users’ photos and videos than store them; it used them to create facial recognition technology without permission. The FTC alleged that these practices constituted unfair or deceptive acts or practices, in violation of Section 5(a) of the FTC Act.

Everalbum launched a feature called “Friends” that uses facial recognition technology to tag people in group photos. The app sent pop-up messages to Ever users in Texas, Illinois, Washington, and the European Union – jurisdictions with biometric laws in place – and provided an option to use facial recognition. For users who did not affirmatively consent, Everalbum disabled the “Friends” facial recognition feature. Users in other jurisdictions had no way to disable the facial recognition tool, which was activated by default.

Everalbum also assured users that it would delete their images if they deactivated their accounts. But according to the FTC, until at least October 2019, the company failed to do so. In addition, between September 2017 and August 2019, Everalbum allegedly combined the photos and videos it retained with millions of photos obtained from public sources and used the resulting datasets to develop facial recognition services, which it sold to its business customers and used to develop the Ever app.

Under the terms of the proposed agreement containing consent order with the FTC, Everalbum must delete (1) all photos and videos of Ever customers who deactivated their accounts, (2) all data developed from images of Ever users who did not consent to use of their images for facial recognition purposes, and (3) any facial recognition models or algorithms developed from Ever users’ photos or videos without explicit consent.

The Commission voted 5-0 to issue the proposed administrative complaint and accept the consent agreement. Commissioner Rohit Chopra issued a separate statement in which he voiced concerns over the use of facial recognition technology, believing it to be “fundamentally flawed.” He stressed the importance of state biometric laws, noting that “Everalbum took greater care when it came to these individuals in these states. The company’s deception targeted Americans who live in states with no specific state law protections. With the tsunami of data being collected on individuals, we need all hands on deck to keep these companies in check.”

The Everalbum settlement signals that the FTC is keeping close watch on how companies that use biometric technology handle consumer data.

 

© 2021 Keller and Heckman LLPNational Law Review, Volume XI, Number 48
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Sheila Millar, Keller Heckman, advertising lawyer, privacy attorney
Partner

Sheila A. Millar counsels corporate and association clients on advertising, privacy, product safety, and other public policy and regulatory compliance issues.

Ms. Millar advises clients on an array of advertising and marketing issues.  She represents clients in legislative, rulemaking and self-regulatory actions, advises on claims, and assists in developing and evaluating substantiation for claims. She also has extensive experience in privacy, data security and cybersecurity matters.  She helps clients develop website and app privacy policies,...

202-434-4646
Tracy Marshall, Keller Heckman, regulatory attorney, for-profit company lawyer
Partner

Tracy Marshall assists clients with a range of business and regulatory matters.

In the business and transactional area, Ms. Marshall advises for-profit and non-profit clients on corporate organization, operations, and governance matters, and assists clients with structuring and negotiating a variety of transactions, including purchase and sale, marketing, outsourcing, and e-commerce agreements.

In the privacy, data security, and advertising areas, she helps clients comply with privacy, data security, and consumer protection laws, including laws governing telemarketing and...

202-434-4234
Advertisement
Advertisement