BIPA and Biometric Privacy: Your Face Is Worth Billions—How to Claim Your Share
Meta paid $2B+ for facial recognition violations. Clearview AI scraped 60 billion faces. 107+ lawsuits in 2025. Complete guide to BIPA rights, active settlements, and how to recover.
By Compens.ai Editorial Team
Insurance Claims Expert
BIPA and Biometric Privacy: Your Face Is Worth Billions—How to Claim Your Share
Updated: December 2025
The Billion-Dollar Face Recognition Settlements
Your face, fingerprints, and voice are worth more than you think—literally billions of dollars. In the past five years, tech companies have paid out some of the largest privacy settlements in history for illegally collecting and using people's biometric data without consent.
Meta alone has paid over $2 billion in biometric privacy settlements: $1.4 billion to Texas for Facebook's facial recognition, $650 million to Illinois users, and $68.5 million for Instagram's practices. Clearview AI—the company that scraped 60 billion faces from the internet—agreed to a $51.75 million settlement giving class members equity in the company.
This isn't theoretical harm. These settlements represent real money paid to real people because companies treated your most personal biological identifiers as commodities to be harvested without asking.
The Biometric Privacy Settlement Landscape
| Case | Settlement | Year | Violation | |------|------------|------|-----------| | Meta (Texas - AG) | $1.4 billion | 2024 | Facial recognition without consent | | Meta (Illinois - Class Action) | $650 million | 2022 | Facebook Tag Suggestions | | Meta (Instagram) | $68.5 million | 2024 | Instagram facial data | | Clearview AI | $51.75 million (equity) | 2025 | Scraping 60 billion faces | | Speedway | $12.1 million | 2025 | Employee fingerprints | | Google Photos | $100 million | 2022 | Facial grouping feature | | TikTok | $92 million | 2022 | Biometric data collection |
---
Understanding Biometric Privacy Laws
What Are Biometrics?
Biometric identifiers are unique biological characteristics that can identify you:
Physical Biometrics:- •Fingerprints
- •Facial geometry (the measurements that make your face unique)
- •Iris and retinal scans
- •Hand geometry
- •Voiceprints (the unique characteristics of your voice)
- •Typing patterns
- •Gait (how you walk)
- •Signature dynamics
Unlike passwords or credit card numbers, you can't change your biometrics if they're compromised. Once your facial geometry or fingerprints are stolen, they're stolen forever.
Why Biometric Privacy Matters
Permanence: Unlike passwords, you can't reset your fingerprints after a data breach.
Surveillance potential: Facial recognition enables tracking without consent—in stores, on streets, by employers, by law enforcement.
Commercial exploitation: Companies use your biometrics to train AI systems worth billions while paying you nothing.
Identity theft risk: Biometric data theft enables sophisticated identity fraud that's nearly impossible to recover from.
Discrimination: AI systems trained on biometric data have shown documented bias against people of color, women, and other groups.
---
Illinois BIPA: The Gold Standard
What BIPA Requires
The Illinois Biometric Information Privacy Act (BIPA), enacted in 2008, remains the strongest biometric privacy law in the United States. It requires:
1. Informed Consent Before collecting biometrics, companies must:- •Inform you in writing that biometric data will be collected
- •Explain the specific purpose for collection
- •State how long the data will be kept
- •Obtain your written release
2. Prohibition on Sale Companies cannot sell, lease, or trade biometric data.
3. Reasonable Safeguards Businesses must protect biometric data using standards at least as protective as other sensitive data.
4. Retention Limits Companies must develop written policies establishing retention schedules and destroy data when the purpose is fulfilled or within 3 years of last interaction.
5. Private Right of Action Most importantly, BIPA allows individuals to sue directly—you don't have to wait for a government agency to act.
BIPA Damages
Negligent violations: $1,000 per person or actual damages (whichever is greater)
Intentional/reckless violations: $5,000 per person or actual damages (whichever is greater)
Plus attorney's fees and costs, making it economically viable for lawyers to take these cases.
The 2024 Amendment: Important Changes
In August 2024, Illinois Governor J.B. Pritzker signed the first amendment to BIPA, significantly changing the damages calculation:
Before: Under the Illinois Supreme Court's Cothron v. White Castle decision (2023), each individual biometric scan could be a separate violation. An employee who clocked in with a fingerprint twice daily for 5 years could claim thousands of violations.
After: The 2024 amendment treats repeated biometric collections from the same person using the same method as a single violation. This significantly limits potential damages but still preserves meaningful penalties.
What this means for you: If you haven't filed a claim yet, the amended law applies. You can still recover $1,000-$5,000, but not per-scan damages.
---
BIPA Litigation Explosion: 2025
The Numbers
As of mid-2025:- •107+ new BIPA lawsuits filed in Illinois in 2025 alone
- •Class actions continue despite the 2024 amendment
- •Employers remain primary targets for fingerprint time clock violations
- •Retail and hospitality sectors seeing increased litigation
Who's Getting Sued?
Employers Using Fingerprint Time Clocks The most common BIPA violation: requiring employees to clock in using fingerprints without proper consent. Companies including:- •Speedway (settled for $12.1 million in 2025)
- •White Castle (ongoing litigation after Supreme Court ruling)
- •Thousands of Illinois employers using biometric timekeeping
- •Meta (multiple settlements totaling over $2 billion)
- •Google ($100 million for Google Photos facial recognition)
- •TikTok ($92 million settlement)
- •Clearview AI ($51.75 million)
- •Stores using facial recognition for loss prevention
- •Venues using biometric entry systems
- •Any business that photographs customers and uses facial analysis
Recent Landmark Cases
Clearview AI Settlement (March 2025)
On March 20, 2025, U.S. District Judge Sharon Johnson Coleman approved a nationwide class-action settlement against Clearview AI that created a first-of-its-kind remedy: class members received a 23% equity stake in the company.
What Clearview did:- •Built a database of 60+ billion facial images
- •Scraped photos from Facebook, LinkedIn, Venmo, news sites, and other public sources
- •Sold facial recognition services to law enforcement and private companies
- •Never obtained consent from any of the billions of people in its database
The controversy: 22 state attorneys general and the District of Columbia filed a joint amicus brief opposing the settlement, arguing it failed to stop Clearview from continuing to gather and monetize facial data without consent.
Meta Texas Settlement ($1.4 Billion - July 2024)
Texas Attorney General Ken Paxton secured the largest privacy settlement in state AG history:
The allegations:- •Meta unlawfully captured biometric identifiers of millions of Texans
- •The "Tag Suggestions" feature analyzed facial geometry without consent
- •Violated Texas Capture or Use of Biometric Identifier Act (CUBI)
- •Violated Texas Deceptive Trade Practices Act
The result: $1.4 billion—paid to the state, not individuals. This is why private rights of action (like BIPA provides) matter: they let you sue directly rather than hoping your state AG will act.
---
Your Rights Beyond Illinois
Texas CUBI
The Texas Capture or Use of Biometric Identifier (CUBI) law prohibits:- •Capturing biometric identifiers without informed consent
- •Selling, leasing, or disclosing biometric identifiers
Key limitation: No private right of action. Only the Texas Attorney General can enforce. However, Meta's $1.4 billion settlement proves AG enforcement can be powerful.
Washington State Biometric Privacy Law
Washington's law (RCW 19.375) requires:- •Notice before enrollment in biometric system
- •Consent for biometric identifier use
- •Data protection requirements
Limitation: Limited private enforcement rights.
States Considering BIPA-Like Laws
As of 2025, several states have pending biometric privacy legislation:
| State | Status | Key Features | |-------|--------|--------------| | New York | Pending | BIPA-modeled, private right of action | | Massachusetts | Pending | Strong consent requirements | | Missouri | Under consideration | Employer-focused protections | | Maryland | Proposed | Facial recognition restrictions |
Why this matters: If you're in a state considering such laws, contact your legislators. These laws only pass when constituents demand them.
California (CCPA/CPRA)
California's privacy laws include biometric data in the definition of "sensitive personal information" requiring:- •Clear notice of collection
- •Right to opt out of sale/sharing
- •Right to delete
- •Right to correct
However, California lacks BIPA's per-person statutory damages, making enforcement weaker.
---
How to Recover Money From Biometric Privacy Violations
Step 1: Determine If You're Affected
Have you:- •Used facial recognition features on Facebook/Instagram/TikTok?
- •Clocked in using fingerprints or facial recognition at work?
- •Used a gym that scans fingerprints for entry?
- •Had your photo taken at a store that uses facial recognition?
- •Appeared in photos scraped by Clearview AI (likely if you've ever posted photos online)?
If yes to any of the above and you're in Illinois, you may have BIPA claims.
Step 2: Check for Existing Settlements
Many settlements are ongoing. Check if you're a class member:
Active/Recent Settlement Websites:- •Search for "[Company name] BIPA settlement" for specific cases
- •Check topclassactions.com for current biometric privacy settlements
- •Sign up for class action databases to receive notifications
- •File a claim before the deadline (usually 90-180 days from notice)
- •Provide required documentation (proof of employment, account ownership, etc.)
- •Wait for distribution (typically 6-18 months after settlement approval)
Step 3: Document Current Violations
If you're experiencing ongoing violations:
Collect evidence:- •Policies (or lack thereof) about biometric collection
- •Screenshots of consent forms (or their absence)
- •Employment records if workplace-related
- •Photos of biometric devices used
- •Any communications about biometric data
- •When did biometric collection start?
- •Were you informed in writing?
- •Did you sign a consent form?
- •What biometric methods are used?
- •How long has collection continued?
Step 4: Consider Your Options
Join an Existing Class Action- •Easiest path; lawyers handle everything
- •Smaller individual recovery but no cost/risk
- •Check BIPA litigation tracker (stopspying.org) for active cases
- •Potentially larger recovery
- •Need to find attorney (many work on contingency)
- •Appropriate for clear, well-documented violations
- •Illinois AG: For pattern of violations
- •Texas AG: They've proven willingness to act aggressively
- •FTC: For unfair or deceptive practices
Step 5: Protect Yourself Going Forward
At Work:- •Read any biometric consent forms carefully before signing
- •Ask questions about data retention and sharing
- •Request written policies
- •Disable facial recognition features when offered
- •Review privacy settings on social media
- •Opt out of facial grouping/tagging features
- •Use privacy-focused browsers and extensions
- •Ask about facial recognition when you see cameras
- •Inquire about fingerprint/biometric alternatives
- •Choose businesses that don't require biometric data
---
Common BIPA Violations You Might Not Recognize
Workplace Biometrics
Time clocks: Fingerprint or facial recognition punch-in systems require BIPA compliance. Many employers implemented these systems without proper consent.
Access control: Badge systems using fingerprints or facial recognition for building access.
Equipment operation: Machinery requiring biometric verification to operate.
Screening: Background check companies using facial recognition.
Consumer Facing
Retail facial recognition: Some stores use facial recognition to identify shoplifters—or just to track customer behavior.
Age verification: Kiosks using facial analysis to verify age for alcohol/tobacco.
Payment systems: "Pay with your face" or fingerprint payment options.
Fitness centers: Gyms using fingerprint scanners for entry.
Online Services
Photo tagging: Automatic facial recognition in photos.
Filters and effects: AR filters that map facial geometry.
Voice assistants: Voiceprint analysis for speaker identification.
Video platforms: Facial analysis for content recommendation or authentication.
---
The Clearview AI Problem: Your Face in 60 Billion
What Clearview Did
Clearview AI represents the worst-case scenario for biometric privacy:
The scraping operation:- •Collected 60+ billion facial images from across the internet
- •Sources included Facebook, Instagram, LinkedIn, Venmo, news sites, and more
- •Built a searchable database available to law enforcement and private clients
- •Never obtained consent from anyone
- •Upload a photo of any person
- •Clearview returns potential matches from billions of images
- •Includes links to where those photos appeared online
- •Enables identification of nearly anyone with an online presence
Why It Matters
You're likely in the database if you've ever:- •Posted photos on social media
- •Appeared in news articles
- •Had photos posted by friends/family
- •Been photographed at public events
- •Law enforcement can identify you from any photo
- •Stalkers could use similar technology
- •Political dissidents can be identified and tracked
- •Immigrants and activists face heightened surveillance risks
The Settlement's Limitations
The $51.75 million Clearview settlement drew criticism because:- •It didn't require Clearview to delete the database
- •Class members receive equity in a company that continues its practices
- •No actual injunctive relief stopping future violations
- •22 state AGs opposed the settlement
Key lesson: Sometimes settlements protect companies more than consumers. That's why ongoing advocacy and stronger laws matter.
---
The Future of Biometric Privacy
Where Laws Are Heading
Federal regulation: Congress has considered federal biometric privacy legislation but hasn't passed comprehensive rules. The EU's GDPR includes biometric protections; US federal law lags behind.
State expansion: More states are likely to pass BIPA-like laws as awareness grows and technology advances.
AI regulation: As facial recognition and biometric AI become more powerful, pressure for regulation increases.
What You Can Do
Advocate for stronger laws:- •Contact state legislators about biometric privacy bills
- •Support organizations fighting for privacy rights
- •Share information about biometric privacy with others
- •Choose businesses that respect biometric privacy
- •Opt out when possible
- •Demand transparency about data collection
- •Follow biometric privacy litigation
- •Sign up for class action notifications
- •Monitor settlement opportunities
---
Resources
Legal Help
- •BIPA Litigation Tracker: stopspying.org/bipa-litigation-tracker
- •State bar lawyer referral: Most state bar associations have referral services
- •Employment rights organizations: For workplace biometric issues
- •ACLU: aclu.org (advocacy and sometimes legal representation)
Checking for Settlements
- •Top Class Actions: topclassactions.com
- •Class Action.org: classaction.org
- •Consumer Action: consumer-action.org
Privacy Advocacy
- •Electronic Frontier Foundation: eff.org
- •Electronic Privacy Information Center (EPIC): epic.org
- •Fight for the Future: fightforthefuture.org
Contacting Regulators
- •Illinois AG: illinoisattorneygeneral.gov
- •Texas AG: texasattorneygeneral.gov
- •FTC: reportfraud.ftc.gov
- •Your state AG: naag.org (directory)
---
Conclusion: Your Biometrics, Your Rights
The biometric privacy revolution is happening now. Companies that treated your face, fingerprints, and voice as free commodities are paying billions in settlements. But this is just the beginning.
The stakes are enormous:- •Your biometric data is permanent—once compromised, it can never be changed
- •Technology is advancing faster than laws can keep up
- •Without strong protections, biometric surveillance will become ubiquitous
- •Check for existing settlements you may be part of
- •Document violations you're currently experiencing
- •Exercise your rights under state laws
- •Advocate for stronger laws in your state and federally
- •Make privacy-conscious choices about which businesses you support
The billion-dollar settlements prove that biometric privacy violations have consequences. But those consequences only exist because people like you demanded accountability.
Your face is worth protecting. Your voice matters. Your fingerprints are yours. Don't let companies profit from your body without consent—or compensation.
---
This guide provides general information about biometric privacy rights and does not constitute legal advice. Laws vary by state and are subject to change. Consult with a privacy attorney for specific situations.
Sources: BIPA Litigation Tracker, Biometric Update, National Law Review
Last Updated: December 2025