Hartman v. Meta Platforms, Inc.
3:23-cv-02995
S.D. Ill.Sep 17, 2024Background
- Plaintiffs allege Meta Platforms, Inc. (Meta) violated the Illinois Biometric Information Privacy Act (BIPA) by collecting facial geometry data via Facebook Messenger and Messenger Kids’ augmented reality (AR) filters, without proper notice, consent, or a compliant data retention policy.
- Plaintiffs seek to represent Illinois citizens whose face geometries were allegedly collected between June 28, 2018, and judgment date.
- Meta moved to dismiss, arguing: (a) the data is not "biometric" under BIPA, (b) there was no collection or possession as defined by BIPA, (c) certain documents outside the complaint should be considered, (d) California law applies per Terms of Service, and (e) BIPA is preempted by the federal COPPA statute regarding children’s data.
- The court excluded nearly all extrinsic documents Meta attached to its motion to dismiss, considering only the complaint itself, and deferred any choice-of-law determination until after discovery.
- Key factual issues include whether Meta’s facial geometry scans are capable of identifying users, whether Meta collected or possessed such data, and whether COPPA preempts BIPA claims as to children.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Whether facial scan data is "biometric" under BIPA | Face geometry scans are "biometric identifiers" even if not used for identification | Data was not unique/capable of identifying users | Plaintiffs allege sufficient uniqueness to survive dismissal |
| Whether Meta "collected" or "possessed" biometric data | Meta stored data on both user devices and its own servers, exercising control | Data stored only locally on user devices; not collected or possessed | Plaintiffs' allegations that data was on Meta servers suffices to state a claim |
| Whether California law bars Illinois BIPA claims | BIPA governs; no facts alleged to support applying California law | California law applies due to Terms of Service | No basis in record to apply California law at this stage |
| Whether COPPA preempts BIPA claims re Messenger Kids | No preemption; BIPA and COPPA regulate different things, are not inconsistent | COPPA expressly (or impliedly) preempts BIPA for children’s data | No preemption; COPPA and BIPA are not inconsistent in coverage |
Key Cases Cited
- Richards v. Mitcheff, 696 F.3d 635 (7th Cir. 2012) (standard for motion to dismiss under Rule 12(b)(6))
- Bell Atlantic Corp. v. Twombly, 550 U.S. 544 (2007) (pleading standard for plausibility)
- Brownmark Films, LLC v. Comedy Partners, 682 F.3d 687 (7th Cir. 2012) (incorporation-by-reference doctrine on motion to dismiss)
- Rosenbach v. Six Flags Ent. Corp., 129 N.E.3d 1197 (Ill. 2019) (statutory interpretation for undefined terms in BIPA)
- Cothron v. White Castle Sys., Inc., 216 N.E.3d 918 (Ill. 2023) (definition of "collect" under BIPA)
- People v. Ward, 830 N.E.2d 556 (Ill. 2005) (definition of "possess" under Illinois law)
- Jones v. Google LLC, 73 F.4th 636 (9th Cir. 2023) (COPPA preemption – supplementing state law not preempted)
- In re Facebook Biometric Info. Priv. Litig., 185 F. Supp. 3d 1155 (N.D. Cal. 2016) (collection of unique facial data as biometric under BIPA)