Facebook (FB) has been accused of illegally harvesting the biometric data of over 100 million Instagram users in new legal proceedings issued in California.
The lawsuit, filed overnight in state court in Redwood City, alleges that the photo-sharing app has collected, stored, and profited from the data of the users without their knowledge or consent.
According to Bloomberg, the filing alleges that Facebook is violating an Illinois privacy law that prohibits the collection of biometric data without a user’s consent.
The social media giant could be forced to pay as much as $5,000 per violation if a court determines that it acted recklessly or intentionally in doing so.
The baseline fine per violation under the Illinois law, known as the Biometric Information Privacy Act, is $1,000.
Responding to a request for comment, a Facebook spokesperson said: “This suit is baseless. Instagram doesn't use face recognition technology.”
Last month, the company offered to pay $650m (£495m) in a separate lawsuit taken against the social media giant over the use of biometric data in a photo-labelling service on its main Facebook platform.
That offer was up from the $550m originally negotiated as part of a January settlement agreement in the case.
The service, known as Tag Suggestions, uses face-matching software to suggest the names of people in photos uploaded to the network.
That class action lawsuit, taken in Illinois, argues that the company has been collecting facial data without users’ permission — and without telling them how long the data will be stored.
Though it has agreed to settle, Facebook has also denied the allegations in that lawsuit.
The collection of biometric data and in particular the use of facial recognition technologies has become increasingly controversial in recent months.
The European Commission warned earlier this year that facial recognition tools can be faulty, can violate privacy, and can aid and abet crime.
But the bloc’s executive arm stopped short of proposing a mooted five-year ban on its use in public spaces, fearing it could stifle innovation.
EU competition chief Margrethe Vestager has instead tasked member states with examining their own use of facial recognition technology.
The bloc has become a leader in data protection, with its sweeping GDPR regulation forcing technology giants to step up their privacy regimes.
GDPR also served as the inspiration for the California Consumer Privacy Act (CCPA), which came into effect in January 2020.