fbpx

Mary Kay Cosmetics Virtual Try-On Biometrics BIPA Class Action

At the website for Mary Kay Cosmetics, Inc., consumers can virtually “try on” the company’s make-up products with its “MirrorMe” program. But the complaint alleges that this program’s “features function, at least in part, by scanning, collecting, storing, and using customers’ or potential customers’ facial biometrics.” Why is this a problem? The complaint alleges it exposes those who use the program “to serious and irreversible privacy risks” and also violates the Illinois Biometric Information Privacy Act (BIPA).

The class for this action is all persons whose biometric identifiers, facial geometry, faceprints, or facial data was captured, collected, or received by Mary Kay Cosmetics while the persons were living in Illinois, between July 29, 2016 and the date the class is certified in this case.

In make-up try-on programs, facial scans allow the program to properly position the cosmetics on the faces of customers or potential customers. But this can raise privacy concerns.

Biometrics are different from other forms of identification or authentication, because if they are lost or stolen, they cannot be canceled and replaced. The complaint says, “For example, if a biometric database is hacked, breached, or otherwise exposed … consumers have no means by which to prevent identity theft, unauthorized tracking, and other improper or unlawful use of this information.”

To protect its citizens, Illinois has tried to establish some minimal requirements for private businesses that intend to collect, store, or use biometrics:

  • They must inform the individual in writing that the biometrics will be collected and tell them of the purpose and length of time for which the biometrics will be used.
  • They must obtain a written release from the individual.
  • They must make available a written policy as to when they will permanently destroy the biometrics.
  • The complaint specifically notes, “Burying a vague reference to biometric information in an online privacy policy is not sufficient to comply with BIPA’s requirements.”

Under BIPA, these requirements are a precondition for collecting or storing the biometric information. However, the complaint claims that the Mary Kay website collects, stores, and uses consumers’ biometrics without meeting these requirements.

The complaint asks for an injunction against the company, requiring it to comply with the provisions of BIPA from now on. It also asks for “damages available under [] BIPA, including liquidated damages of $1,000 per negligent violation, $5,000 per willful or reckless violation, or actual damages, whichever is greater.”

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Mary Kay Cosmetics Virtual Try-On Biometrics BIPA Complaint

July 29, 2021

At the website for Mary Kay Cosmetics, Inc., consumers can virtually “try on” the company’s make-up products with its “MirrorMe” program. But the complaint alleges that this program’s “features function, at least in part, by scanning, collecting, storing, and using customers’ or potential customers’ facial biometrics.” Why is this a problem? The complaint alleges it exposes those who use the program “to serious and irreversible privacy risks” and also violates the Illinois Biometric Information Privacy Act (BIPA).

Mary Kay Cosmetics Virtual Try-On Biometrics BIPA Complaint

Case Event History

Mary Kay Cosmetics Virtual Try-On Biometrics BIPA Complaint

July 29, 2021

At the website for Mary Kay Cosmetics, Inc., consumers can virtually “try on” the company’s make-up products with its “MirrorMe” program. But the complaint alleges that this program’s “features function, at least in part, by scanning, collecting, storing, and using customers’ or potential customers’ facial biometrics.” Why is this a problem? The complaint alleges it exposes those who use the program “to serious and irreversible privacy risks” and also violates the Illinois Biometric Information Privacy Act (BIPA).

Mary Kay Cosmetics Virtual Try-On Biometrics BIPA Complaint
Tags: BIPA, Taking/Storing/Using Biometric Data, Your Privacy