Last week, the Federal Trade Commission (“FTC”) announced a proposed settlement with a developer of a photo storage app that allegedly deceived consumers in violation of the prohibition on unfair or deceptive acts and practices found in §5(a) of the Federal Trade Commission Act. As part of the proposed settlement, the developer, Everalbum, Inc. (“Everalbum”), agreed to certain injunctive relief. Everalbum offered an app called “Ever” that allowed users to upload photos and videos from their mobile devices, computers, or social media accounts to be stored and organized using a cloud-based storage service. The FTC alleged that in February 2017, Everalbum launched a new feature in the Ever app, called “Friends,” that used facial recognition technology to group users’ photos by the faces of the people who appear in them and allowed users to “tag” people by name. Everalbum allegedly enabled facial recognition by default for all users when it launched the Friends feature.
Glenn Brown explains at Security & Privacy Bytes that the proposed settlement prohibits Everalbum from misrepresenting how it collects, uses, discloses, maintains, or deletes personal information, and the extent to which it protects the privacy and security of personal information. Under the proposed settlement, if Everalbum markets software to consumers for personal use, it must obtain a user’s express consent before using photos or videos collected from the user to develop data derived from an image of an individual’s face or to develop facial recognition technology. Given the FTC’s focus on the collection and use of biometric data and wider concerns being raised in regard to facial recognition technology and the processing of biometric data more generally (as evidenced by recent litigation against Clearview AI and social media companies, as well as enforcement of a growing number of state laws regulating the use of biometric data), businesses should carefully review their practices and privacy policies relating to the use of these applications.