Microsoft Seeks Summary Judgment in IBM Database BIPA Suit

Last week, Microsoft Corporation filed a renewed motion for summary judgment in an Illinois Biometric Information Privacy Act (BIPA) case filed by Illinois residents over its alleged use of facial recognition technology on a dataset of about 1 million publicly available photographs. The company says there is no dispute about several things, including that it took no action in Illinois and had no knowledge that any photos of Illinois residents may have been contained therein, rendering liability too attenuated.

Law Street Media’s previous coverage explained that the dataset was created from images uploaded by individuals to the Flickr platform, cataloged into a dataset by IBM, and downloaded by Microsoft. The plaintiffs object to the alleged fact that Microsoft improperly used the dataset to improve the fairness and accuracy of its facial recognition products without their consent.

The renewed motion comes after the plaintiffs asked for and were granted additional time for discovery, thereby deferring Microsoft’s summary judgment initial motion. At the same time the Seattle, Wash. court granted the discovery extension, it struck the plaintiffs’ pending motion for class certification without prejudice.

Now, Microsoft asserts that BIPA cannot apply to it, a Washington-based company that neither acted in Illinois nor had any idea that photos of or data regarding Illinois residents may have been in the dataset, as the evidence has shown. In its extraterritoriality defense, the company claims application of BIPA would offend legal bounds because it “engaged in no conduct that allegedly violated BIPA ‘primarily and substantially’ in Illinois.”

In its related dormant Commerce Clause assertion, Microsoft explains that the plaintiffs’ reading of BIPA conflicts with the Washington Biometric Privacy Law and New York law—the states in which Microsoft downloaded the dataset in question.

Additionally, Microsoft contends that one contested BIPA provision, Section 15(b), does not apply because it had no way of notifying individuals or obtaining their consent before downloading the dataset. 

The defendant argues that the law “cannot be read to impose onerous research and notice requirements on businesses or academic institutions seeking to acquire a legitimate dataset with publicly available photographs of unknown persons, along with annotations of some of the faces depicted.” Instead, it cites an Illinois Supreme Court opinion underscoring that BIPA compliance “‘should not be difficult,’ so that ‘whatever expenses a business might incur to meet the law’s requirements are likely to be insignificant.’”

The summary judgment hearing is scheduled for June 10.

The plaintiffs are represented by Loevy & Loevy and Lynch Carpenter LLP. Microsoft is represented by Morgan, Lewis & Bockius LLP and Davis Wright Tremaine LLP.