Back in 2008, Illinois passed a law barring companies from collecting customers’ personal biometric information without their prior permission. Companies in Illinois also were required to develop a policy, and make it readily available, that laid out how those biometric data would be stored and when they would be destroyed.
Facebook was accused of violating that law when it decided to use its facial recognition technology to analyze users’ photos in order to create and store “face templates.” Users’ faces are plainly biometric data in this context, the data were taken by Facebook without the owners’/users’ permission, and in 2015, folks sued Facebook over its misbehavior.