Texas Takes Google to Court Over Allegedly Harvesting Biometric Data Without Consent

Texas Attorney General Ken Paxton, a Republican, filed suit against Google last week for alleged violations of state law against collecting biometric data without informed consent.

The Capture or Use of Biometric Identifier Act, which the Lone Star State enacted in 2009, prohibits technology companies from using data such as retina or iris scans, fingerprints, voiceprints, or records of hand and face geometry for commercial purposes without permission. The complaint, filed in the District Court of Midland County, Texas, argues that Google has collected such information in “blatant defiance” of the statute since at least 2015.

“Google’s indiscriminate collection of the personal information of Texans, including very sensitive information like biometric identifiers, will not be tolerated,” Paxton remarked in a press release.

Among other examples, the lawsuit argues that Google Photos uses facial recognition technology for uploaded pictures, including those with nonconsenting bystanders, to render its algorithm “better at scanning and analyzing faces” through machine learning, thereby enhancing the company’s commercial products. Likewise, Google Assistant allegedly collects voiceprints and uses the information to heighten the accuracy of voice recognition technology.

“Many Texans do not realize that their contributions to the tech giant’s financial growth include offering up for inspection two of the most uniquely personal features any individual has to call their own,” the complaint continued. “The proliferation of the commercialization of Texans’ personal biometric identifiers is as invasive as it is dangerous.”

Paxton filed suit earlier this year against Meta, formerly called Facebook, because the company had allegedly stored millions of biometric identifiers uploaded by users as well as non-users. Facebook ended its facial recognition system last year following a class action lawsuit stemming from violations of Illinois privacy law, which the company settled for $650 million.

Other technology companies have faced scrutiny from lawmakers over user data collection. Earlier this year, Amazon smart doorbell company Ring told Sen. Ed Markey (D-MA) that the firm had provided law enforcement with videos from user devices in emergency situations after making a “good-faith determination that there was an imminent danger of death or serious physical injury” to someone needing information.

The lawmaker said that the policy justifies passage of the Facial Recognition and Biometric Technology Moratorium Act, which would prohibit state and federal entities from accessing Americans’ biometric data. “As my ongoing investigation into Amazon illustrates, it has become increasingly difficult for the public to move, assemble, and converse in public without being tracked and recorded,” Markey said in a press release. “We cannot accept this as inevitable in our country.”

More recently, a report from Forbes revealed that ByteDance, the Chinese parent company of the social media platform TikTok, planned to track the location of specific American citizens. The company’s internal audit and risk department was originally meant to investigate misconduct from current and former employees, yet the team allegedly planned on multiple occasions to collect data about the location of an American who had never been employed by ByteDance.

According to an analysis from TheWrap released earlier this year, TikTok is sidestepping privacy protections from Apple and Google to collect user data, allowing ByteDance and third parties to access the information.