Republican Texas Attorney General sues Google, alleging it unlawfully captured and used biometric data of millions of Texans
Republican-controlled Texas continues to confront big tech, after its Attorney General Ken Paxton sued Google on Thursday.
Paxton alleged that Google broke the state’s biometric data law by failing to get adequate user consent to collect and use voice and facial information from millions of Texas consumers.
This mirrors a similar lawsuit filed by Paxton earlier this year, when he sued Facebook parent Meta Platforms under the same statute, namely the Capture or Use of Biometric Identifier Act.
Back in February 2022, Paxton alleged that Facebook had been storing millions of biometric identifiers contained in photos and videos uploaded by friends and family, who then used the social media app and its photo-tag suggestion tool.
This ignored that Facebook in November 2021 had closed down the use of facial recognition on its platform. It also deleted individual facial-recognition templates for more than 1 billion people.
But now the Texas AG is going after Alphabet’s Google, alleging similar charges in its lawsuit against the Mountain View-based tech giant.
The lawsuit also alleges that Google has collected millions of biometric identifiers, including voiceprints and records of face geometry, from Texans through its products and services like Google Photos, Google Assistant, and Nest Hub Max.
“Google’s indiscriminate collection of the personal information of Texans, including very sensitive information like biometric identifiers, will not be tolerated,” Attorney General Paxton said. “I will continue to fight Big Tech to ensure the privacy and security of all Texans.”
It should be noted that Google has been sued by the Texas AG before.
The Texas attorney general is leading a coalition of US states that sued the company on antitrust grounds, alleging it illegally monopolised the online advertising technology market.
Decade of concern
There has been concern in the US over the issue of facial recognition and privacy, and with the absence of a federal privacy law, US states have taken up the challenge, mostly notably the Illinois class action suit against Facebook.
Concerns about Facebook’s facial recognition first surfaced in 2011, but it wasn’t until September 2012 when Facebook, after an investigation by the Office of the Data Protection Commissioner in Ireland, voluntarily removed its face recognition software in Europe.
It did so after the practice was deemed illegal, because it stored biometric data without users’ explicit consent.
But in 2018, Facebook took the introduction of the General Data Protection Regulation (GDPR) as an opportunity to reintroduce facial recognition for European users.
It gave users a single check box to tick to accept its use, but also gave users the option of clicking a “don’t allow” button to exclude the feature.
Meanwhile, Facebook’s decision to suspend facial recognition in 2012 for European users, and not US users, triggered a lawsuit in 2015 in Illinois.
The social networking giant was sued when Illinois users accused Facebook of violating that state’s Biometric Information Privacy Act in collecting biometric data.
The lawsuit began because of Facebook’s “Tag Suggestions” feature, which allowed users to recognise their Facebook friends from previously uploaded photos.
The lawsuit was filed in Illinois because its biometric privacy law provides for damages of $1,000 for each negligent violation and $5,000 for each intentional or reckless violation.
In August 2019, Facebook failed to quash the class action lawsuit, and in January 2020 it opted to end the lawsuit after it reached a $650 million settlement.