Advertising and Media


FTC Sharpens Focus on Biometrics with Facial Recognition Settlement

February 9, 2021

With the rising use of biometrics and facial recognition software in consumer-based applications, the FTC is cracking down—more than ever—on the unauthorized use of facial recognition technology. How? In its recent settlement order and in stark contrast with past settlements for similar alleged conduct, the FTC has required Everalbum, Inc. (“Everalbum”), a California-based developer of a photo storage and organization application called “Ever,” to delete (1) the photos and videos of Everalbum app users who deactivated their accounts; (2) all face embeddings—data reflecting features that can be used for facial recognition purposes—that the company derived from the photos of Everalbum users who did not give their express consent to their use; and (3) any facial recognition models or algorithms developed with Everalbum users’ photos or videos.

On January 11, Everalbum settled with the FTC on allegations that the company made misrepresentations regarding consumers’ ability to control the Everalbum App's face recognition feature and their ability to delete their Everalbum Users' photos upon account deactivation.

The Complaint states that, in February 2017, the company launched a “Friends” feature on the app that enabled facial recognition to group users’ photos based on similar looking faces. According to the Complaint, between July 2018 and April 2019, Everalbum allegedly represented that it would not apply its facial recognition technology to users’ content unless users affirmatively chose to activate the feature. Prior to April 2019, only Everalbum mobile app users located in Texas, Illinois, Washington, and the European Union could disable the facial recognition feature. Users located outside of these jurisdictions—which coincidentally impose biometric laws—could not disable the feature, which was actually enabled by default. Additionally, between September 2017 and August 2019, the company combined millions of facial images extracted from users’ photos with facial images pulled from publicly available sources in order to create four new datasets to be used in the development of its face recognition technology. The Complaint further alleged that the company did not delete the photos or videos of users who requested their account to be deactivated, despite representations that the company made to its consumers stating that a deactivated account resulted in the permanent deletion of the users’ photos and videos.

Under this consent order, Everalbum owes no monetary damages and no civil penalties unless the consent order is violated. The proposed settlement requires the company to obtain users’ express consents to use their facial images to develop new facial recognition. Further, the proposed settlement forces Everalbum to delete all of the algorithms it developed as a result of the facial images they used. This latter requirement, mandating that the company erase its intellectual property, is highly unusual.

As the settlement demonstrates, representations related to the use of consumers’ biometric information is highly scrutinized and a key focus for the FTC. Consistent with the Everalbum and other recent FTC settlements, companies should consider clearly and conspicuously disclosing to consumers how and why such information is collected and used. Further, companies should consider including this disclosure separate and apart from any “privacy policy” and/or “terms of conditions” page. And, of course, companies must actually adhere to promises regarding how consumer data is and isn’t used.

For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.

Kristin J. Madigan, CIPP/US
Partner – San Francisco
Phone: +1.415.365.7233
Email: kmadigan@crowell.com
Helen O. Ogunyanwo
Counsel – Washington, D.C.
Phone: +1.202.624.2585
Email: hogunyanwo@crowell.com