Photo App Developer Settles with FTC over Deceptive Use of Facial Recognition Technology
Everalbum, Inc., a California-based photo app developer, has settled with the Federal Trade Commission over allegations that it deceived consumers over its use of facial recognition technology.
Everalbum’s application called “Ever” allowed users to upload photos and videos from their mobile devices, computers, or social media accounts, and organize and store them using Everalbum’s cloud-based storage.
In 2017, Everalbum launched a new feature called “Friends” that used facial recognition technology, enable by default for all mobile app users, to group users’ photographs by the faces of the people who appear in them and allowed users to “tag” people by name.
Subsequently, Everalbum represented that it would not apply facial recognition technology to users’ content unless users affirmatively chose to activate the feature. Beginning in May 2018, the company allowed users located in jurisdictions that regulate biometrics, such as Illinois, Texas, Washington and the European Union, to choose whether to turn on the face recognition feature. For other users, facial recognition was automatically active and could not be turned off until April of 2019.
Everalbum promised users that the company would delete the photos and videos of Ever users who deactivated their accounts. However, Everalbum failed to delete the photos or videos of any users who had deactivated their accounts and instead retained them indefinitely.
In addition, Everalbum combined images obtained from publicly available datasets with millions of facial images extracted from Ever users’ photos to create datasets for use in the development of its facial recognition technology. Everalbum used technology resulting from one of those datasets to provide the Ever app’s Friends feature and to develop the facial recognition services sold to its enterprise customers.
The proposed settlement prohibits Everalbum from misrepresenting its customers about how it collects, uses, discloses, maintains, or deletes personal information, including face embeddings (i.e. data reflecting facial features that can be used for facial recognition purposes) created with the use of facial recognition technology, as well as the extent to which it protects the privacy and security of personal information it collects.
In addition, the company would be required to obtain a user’s express consent before using biometric information it collects from the user through the software to create face embeddings or develop facial recognition technology.
Furthermore, as part of the proposed settlement, Everalbum will be required to delete:
- photos and videos of users who deactivated their Ever app accounts;
- all face embeddings that the company derived from the photos of Ever users who did not give their express consent to their use; and
- any facial recognition models or algorithms developed with Ever users’ photos or videos.
As mentioned above, several states already regulate the collection and use of biometric data, and a number of states have recently proposed similar regulations. In the absence of a state or federal legislation, however, the FTC settlement orders offer guidance to companies on their privacy and data management practices. The Everalbum settlement is an important development in the area of biometrics regulation and will likely require companies that market apps and software for personal use to obtain users’ express consent before using biometric information they collected to create face embeddings or develop facial recognition technology.