Vimeo agreed to pay $2.25 million to certain users of its AI-based video creation and editing platform called Magisto to resolve claims it collected and stored their biometric data. The payout is part of a lawsuit and settlement that alleged the biometric data of users was taken without consent when they uploaded photographs and videos to the platform via the Magisto mobile app, in violation of Illinois’ Biometrics Information Privacy Act (BIPA).
Vimeo denies any wrongdoings tied to the allegations.
Vimeo purchased Magisto on April 2019. Six months after the acquisition a lawsuit was filed against Vimeo for allegedly collecting and storing users’ facial biometrics without authorization or their knowledge.
The court case “Acaley v. Vimeo” was filed in the US District Court for the Northern District of Illinois Eastern Division. The lawsuit claims the app collected and stored highly detailed facial maps using AI engines to analyze the videos uploaded onto the platform, including detecting faces, while Vimeo was accused of creating, collecting, and storing “face templates” of users.
These detailed geometric face maps, scraped from “thousands of Magisto users,” allegedly allowed Vimeo to create templates through facial-recognition technology that extracts user data and analyzes the facial points and contours that appear on user uploaded content. The templates were crafted to each user, much like a fingerprint, in direct violation of BIPA.
“Unbeknownst to the average consumer…. [the lawsuit claims] Magisto's facial recognition technology scans each and every video and photo uploaded to Magisto for faces, extracts geometric data relating to the unique points and contours of each face, then uses that data to create and store a template of each face—all without ever informing anyone of this practice.”
The tech used by Magisto also leverages the gathered biometrics to identify users’ age, gender and location, according to the lawsuit.
The class action lawsuit was filed by individuals who appear in photographs and videos uploaded to Magisto and accused Vimeo of scraping their biometrics without proper notice and consent between Sept. 20, 2014, and Jan. 20, 2023.
The individuals claimed these “privacy” practices violated the state of Illinois' stringent privacy law, which protects biometric data like iris scans, voiceprint, fingerprint, or hand scans, and other means to identify a person.
BIPA was enacted in 2008 and bars private entities from collecting, capturing, purchasing, or obtaining biometric identifiers or biometric data of individuals without authorization. The law also requires companies to provide informed consent about potential biometric collection, as well as its purpose and for how long the data will be collected and stored.
In 2018, the Illinois Supreme Court ruled an individual can sue an entity that allegedly violates BIPA, even without proof or allegations of actual injury or adverse event. If an individual feels their rights have been violated under BIPA, they can sue for liquidated damages, attorney’s fees, and injunctive relief.
Under the law, individuals may be eligible for up to $1,000 per each negligent violation, or $5,000 for reckless or intentional violations.
The Vimeo settlement will pay attorneys’ fees and administration expenses, while providing benefits for Illinois residents who were present in photos or videos and detected by the Magisto app. The $2.25 million includes the total extent of Vimeo’s monetary obligations, but “no portion of the settlement… shall revert back to or be refunded to [Vimeo] after” the settlement is finalized.”
The final hearing for the settlement proposal is scheduled for June 29.