A federal judge in Dallas has dismissed a biometric privacy lawsuit against Match Group, the parent company of popular dating apps Tinder and OKCupid. The suit had alleged that the companies violated the Illinois Biometric Information Privacy Act (BIPA) by collecting and storing users’ biometric data during their photo verification process without proper consent.
The case centered on Tinder’s photo verification feature, introduced in 2020, which requires users to complete a “liveness check” by taking video selfies to verify their identity. Under BIPA, companies must obtain explicit written consent before collecting biometric data like facial geometry, inform users about data retention policies, and specify how the information will be used. The plaintiffs argued Match Group failed to meet these requirements.
U.S. District Judge David C. Godbey dismissed the case, ruling that Texas law applied under the apps’ terms of service, which specify Texas as the governing jurisdiction. Unlike Illinois’ BIPA statute, which allows individuals to sue companies directly over biometric privacy violations, Texas law provides no such private right of action. This jurisdictional distinction effectively blocked the plaintiffs from pursuing claims under Illinois’ stricter privacy protections.
The ruling follows a pattern of companies facing BIPA litigation attempting to leverage jurisdictional differences to avoid liability. In similar cases, courts have grappled with determining which state’s laws should apply when technology platforms operate across multiple jurisdictions. Judge Godbey’s decision could influence future biometric privacy cases, particularly as more companies implement facial recognition and other biometric verification systems.
Match Group has previously defended its biometric data collection practices as necessary for user safety and verification purposes. The company’s photo verification system aims to combat fake profiles and catfishing attempts, though privacy advocates argue such features require stronger user consent mechanisms and transparency about data handling practices.
The dismissal highlights ongoing tensions between state-level privacy protections and the inherently interstate nature of digital platforms. While Illinois’ BIPA has led to numerous settlements, including recent cases against major tech companies, the effectiveness of such state-level protections may be limited when companies can argue for the application of more favorable jurisdictions’ laws.
Source: Bloomberg Law
—
November 01, 2024 – by the ID Tech Editorial Team
Follow Us