US cosmetics giant, Estee Lauder and a number of its popular beauty labels, have successfully evaded a proposed class action alleging a severe breach of data privacy law.

The company was accused of breaking biometric privacy regulations in the US state of Illinois through its employment of a “try-on” function. The tool enables customers to upload a photo of themselves to the label’s platforms to see how beauty products might look.

Presiding over the case in Chicago, Judge Lindsay Jenkins ruled in favour of Estee Lauder’s request to reject the lawsuit, citing that the plaintiffs were not able to prove the organisation could link facial scans to individual customer identities.

The issue stands as a decisive element of biometric privacy law in Illinois, which regulates the harvesting and storing of personal data such as facial structure, eye scans and fingerprints. Judge Jenkins specified that customers have the option to submit a revised complaint.

Estee Lauder and its subsidiaries, Bobbi Brown, Smashbox, and Too Faced, did not notify users that their biometric data might be collected through the “try-on” features, the allegations read. The legal action also implicated Taiwanese firm, Perfect Corp, which is behind the technology involved.

Judge Jenkins stated that the lawsuit’s four plaintiffs failed to demonstrate Estee Lauder’s ability to relate facial scans from virtual try-on widgets to individuals’ true identities. She also excluded Perfect Corp from the litigation, citing inadequate connections to Illinois for jurisdiction.

In Illinois, the Biometric Information Privacy Act came into being in 2008 to allow a private right of action to legally challenge mishandling of biometric data. The Act has given rise to thousands of cases, as well as a number of substantial settlements and verdicts; a stand-out judgement fell in 2020 when Facebook was hit by a $650 million levy to settle a BIPA class action concerning the use of facial recognition tools.

Know the risks

The Estee Lauder ruling is a sharp reminder of the vital importance of transparency, clear communication and user consent when it comes to compliant data processing. These issues are only going to become more complex as societies continue to embrace facial recognition software and other technologies powered by artificial intelligence (AI).

You can learn more about the opportunities, obligations and risks involved exclusively at Global Privacy Day this January, when industry experts will discuss the key data privacy challenges of our digital age.

Not to be missed at Global Privacy Day

Exploring Artificial Intelligence in the B2B Realm

Date: Thursday January 25th, 2024

Time: 11:00 – 11:30am GMT

In the dynamic landscape of B2B interactions, the integration of AI has become increasingly pivotal. This session delves into the strategic management of AI within collaborative business environments.

Attendees will gain insights into best practices for overseeing AI implementation with external entities, ensuring seamless integration, compliance, and fostering fruitful partnerships.

The discussion will cover key considerations, challenges, and practical approaches to harnessing the potential of AI while maintaining effective collaboration in the B2B sector.

Safeguarding AI Data

Date: Thursday January 25th, 2024

Time: 13:30 – 14:00 GMT

This engaging discussion aims to demystify common misconceptions surrounding AI data protection while shedding light on factual insights. Participants will navigate through the intricacies of safeguarding AI-generated data, gaining a comprehensive understanding of essential practices.

Whether you’re an AI enthusiast, a data protection professional or simply curious about the intersection of AI and privacy, this session promises to unravel the complexities and provide practical insights for effective AI data protection.

Safeguarding AI Data and Exploring AI Intelligence in the B2B Realm are just one of the exclusive sessions taking place at Global Privacy Day.

Securing Board Support: Effectively Articulating Privacy Strategies to Board Members

Date: Thursday January 25th, 2024

Time: 15:30 – 16:00 GMT

This session addresses the pivotal task of communicating privacy matters to board members, emphasising the need for alignment between privacy strategies and board-level understanding.

Dive into practical insights, successful communication strategies and case studies that illuminate effective ways to convey the importance of privacy initiatives. Join us for a session that bridges the communication gap and empowers you to navigate privacy discussions at the board level.

Click here to see the full agenda

Global Privacy Day

Taking place virtually on 25 January 2024, as part of Data Privacy Day, Global Privacy Day will bring together thought leaders and senior industry professionals to discuss the present landscape of data protection and privacy and the current and future challenges that professionals are up against.

This one-day event will provide a platform for attendees to network, exchange ideas, gain insight into the latest developments in the field of privacy, and the opportunity to discuss strategies and best practices to ensure the protection of data.

Click here to register for free for Global Privacy Day