The law is called the Biometric Information Privacy Act. Although facial recognition was relatively crude when it was passed, the wisdom of the Illinois decision has been played out over the last decade, as facial recognition and other biometric collection has developed and spread.

On December 17, the American Civil Liberties Union (ACLU) co-filed a friend-of-the-court brief in federal appeals court defending the Illinois law against arguments advanced by Facebook trying to remove the law’s pro-privacy teeth.

Under the law, a company may collect a person’s biometric identifiers — like fingerprints or data from a person’s face or iris — only if it first obtains informed consent from that person. In the case now pending in the Ninth Circuit Court of Appeals, Facebook users in Illinois have alleged that the company violated their rights under the law by using facial recognition technology to identify them in digital images uploaded to the site without disclosing its use of facial recognition or obtaining consent.

One of Facebook’s arguments in the case is that people should not have an automatic right to sue when their biometric information has been collected in violation of the law. Rather, they must prove that they have suffered monetary or other damages. As we explain in our brief, however, that runs counter to the Illinois Legislature’s intent, which was to provide strong, enforceable protection against surreptitious collection of sensitive biometric data.

In the decade since passage of the law, the need for its protections has become crystal clear. As explained in the brief from December 18: