Texas Is Investigating Facebook for Harvesting Biometric Data from Users

Texas Attorney General Ken Paxton is investigating Facebook over allegations that the major social media network may have improperly collected users' biometric data.

Though it's unclear what kind of biometric data Paxton suspects Facebook of improperly collecting, he has requested documents related to Facebook's use of facial recognition software.

Biometrics are physical or behavioral characteristics that computers can use to digitally identify people or place individuals into larger groups that share common traits. Some everyday forms of biometric data include fingerprints, facial or retinal scans, voice recognition and DNA matching.

According to documents obtained by the Tech Transparency Project, in June, Paxton issued a civil investigative demand to Facebook to determine whether the social network had violated the Texas Deceptive Trade Practices Consumer Protection Act (DTPA), a law meant to shield consumers from false and misleading business practices, unconscionable actions and breaches of warranty.

In his investigation, Paxton has requested that Facebook provide documents related to whether the company violated Illinois's Biometric Information Privacy Act of 2008.

Illinois-based Facebook users filed a class-action lawsuit alleging that the social network had secretly collected user's facial biometric data without their express consent. Facebook is currently finalizing an over $500 million settlement in the case.

Amongst the Illinois documents sought by Paxton are "discovery materials, responses to requests for interrogatories, the identity of experts retained by Facebook in the matter, unredacted transcripts of depositions and a copy of all motions and pleadings," according to the news website Axios.

However, Facebook may be reluctant to share the materials, as a June 25 email from Paxton's office asks Facebook officials to schedule a video conference to discuss the company's unwillingness to provide the requested documents.

Facebook investigation biometric data Texas
An artist's visualization of biometric data analyzed by computers. metamorworks/Getty

In the Illinois case, Facebook was accused of "secretly amass[ing] the world's largest privately held database of consumer biometrics data," specifically facial data used to identify people's faces in user-uploaded photographs.

Illinois investigators alleged that Facebook's computers analyzed biometric data in users' faces in order to identify the users in any photos of them subsequent uploaded to the social network.

The Illinois law requires companies to get written consent before collecting biometric data and to notify customers about how long their information will be kept. The lawsuit alleged, "[This] is precisely what Facebook did not do when it rolled out its facial recognition program."

Plaintiffs in the case worried that a data breach could cause their biometric data to be shared over the web and used in ways beyond theirs or Facebook's control.

Rusty Perdew, a Chicago lawyer with experience in class-action lawsuits told Bloomberg News that Facebook's multi-million dollar settlement in the Illinois case may compel other courts to apply significantly increased scrutiny to data-privacy settlements.

Newsweek contacted Facebook for comment.