Microsoft, Amazon Avoid Illinois BIPA Suits Over Photo Uploads

Microsoft Corp. and Inc. won’t have to face separate class actions alleging they violated the Illinois Biometric Information Privacy Act when they made use of a biometric-information data set produced by IBM Corp. from photos uploaded by users to a photo-sharing website.

In nearly identical lawsuits alleging they violated the BIPA by obtaining the information from the data set without users’ written consent, Judge James L. Robart of the US District Court for the Western District of Washington granted summary judgment to the tech giants.

Steven Vance and Tim Janecyk, the named plaintiffs in each lawsuit, failed to show that Microsoft’s allegedly illegal conduct occurred “primarily and substantially” in Robart granted Microsoft summary judgment and cited Illinois as a prerequisite for liability under the BIPA.

In anticipation of discussions with counsel regarding potential redactions, Robart’s order and opinion in the lawsuit against Amazon were filed under seal.

In rejecting the plaintiffs’ common law claim of unjust enrichment, Robart noted that the plaintiffs had also failed to show that Microsoft made money from having access to their biometric data, which the company claimed it didn’t use and couldn’t have made money from.

The lawsuits resulted from Microsoft and Amazon’s efforts to enhance the capacity of their facial-recognition software to recognize the faces of women and people with darker skin.


To increase the variety of faces included in facial recognition systems, each company looked into using a biometric data set created by IBM. According to the lawsuits, a database of 100 million photos that users, including Vance and Janecyk, had uploaded to Flickr was used to create that data set, which is also known as the Diversity in Faces Dataset.

According to Roberts, Microsoft’s actions involved a vendor and a student intern who downloaded, read, and assessed the DiF Dataset to see if it would work for their facial recognition projects. According to Microsoft, neither used the data set.

The most the plaintiffs could claim, according to Robart, was that Microsoft might have kept encrypted copies of the DiF Dataset on a cloud server in Illinois when it came to the question of whether its actions took place in or were related to the state of Illinois.

However, he noted that the BIPA only focused on collecting biometric data, not storing it in an encrypted form after collection. Microsoft had no involvement in the collection of the images or the creation of the biometric data at issue in the lawsuit, and its storage of the data in Illinois wouldn’t be illegal, he claimed.

Vance and the proposed classes were represented by Lynch Carpenter LLP and Drury Legal LLC. Amazon and Microsoft were represented by Duane Morris LLP, Davis Wright Tremaine LLP, and Morgan Lewis & Bockius LLP.

Vance v. is one of the cases. W. D. Wash. Microsoft Corp., 10/17/22, No. 2:20-cv-01082, and Vance v. Inc., W.D. Washington, No. 2:20-cv-01084, 10/17/22.

To contact the reporter on this story: Christopher Brown in St. Louis at [email protected]

To contact the editors responsible for this story: Rob Tricchinelli at [email protected]; Maya Earls at [email protected]

Source: The Seattle Times

Notify of
Inline Feedbacks
View all comments

Related Posts

Begin typing your search term above and press enter to search. Press ESC to cancel.

Back To Top
Would love your thoughts, please comment.x