Technology makes it easy to share and tag images of your face online. But recent lawsuits against Facebook, Google and Shutterfly argue that the companies violate the Illinois Biometric Information Privacy Act by doing so without your consent.
While two cases are ongoing — Shutterfly just agreed to an undisclosed settlement with an Illinois man — they highlight how even your face has become valuable information to companies for marketing and other purposes.
Carla Michelotti is an independent marketing and regulatory strategist who retired in October 2015 as executive vice president, chief legal, government and corporate affairs officer for Chicago-based advertising giant Leo Burnett Worldwide.
Michelotti offered some tools and tips on understanding — and controlling — how marketers use your face and other personal data.
Q: What’s the main issue in these legal cases?
A: Whether it was Shutterfly, Facebook or Google, the plaintiffs were alleging that they never gave permission or agreed to give consent to the companies to collect, store and tag a photo of their face.
The biometric law in Illinois was likely not written with Shutterfly and Facebook photo identification in mind. It was written with the intent to protect the use of biometric identifiers like DNA and blood tests. It will be interesting to see the extent to which this Illinois law will be stretched in its interpretation to apply to these cases.
Q: What are the larger implications for the average person?
A: It’s important for all of us to be a lot more educated about privacy and data, because we live in a world where consumers understand that there are some transactional benefits in sharing personal data about themselves. But how are you using that personal data, and is it being used in a way that is inconsistent with the implied permission I gave for you to use that data?
Q: Can you give an example?
A: If you went to an ice cream store and the store knows that you buy half-gallons of chocolate ice cream, and it had your special flavor waiting for you when you came in and sent you special coupons and emails, you’re happy.
But sharing it in an unintended way with an insurance company, with a doctor or your health club, or for unsolicited messages from your athletic coach that you’re eating too much ice cream, that’s too much. You would feel that would be an invasion of your privacy.
Q: How can people protect their privacy and still benefit from sharing data?
A: There are lots of surveys online, so be aware when you receive one. I suspect that a high percentage — if not all — are gathering data. It gathers information and “personal” data about your personal online history, even though it doesn’t include your name, so you’ll be receiving more specific information and advertising that is more tailored to your interests.
So, if you answer a survey saying that you really enjoy the Nantucket, Mass., area, you may suddenly receive information about Nantucket. Does that bother you? Well, you said you like Nantucket, and it should be more of interest to you. That’s the value exchange in the data sharing.
You can read the privacy policies. These days, privacy polices are supposed to be written in English so consumers can understand them. And there usually is a section that says, “How we share your data.”
Q: What else can people do?
A: There’s a great website that the Digital Advertising Alliance has at youradchoices.com. It’s a good point of entry to learn about the ad choices icon. Consumers can look in the corner of ads they receive for the icon that looks like a lower case “i” with a little triangle around it.
The icon is a tool that tells you why you’re receiving the advertising, and it connects you to how the data is being collected about you.
If you wanted to remove yourself from that database, you could do that. It gives you some control and provides transparency regarding the gathering of the information that is being sent to you.