Online contracts trip the line that draws on possible arguments for applying the choice of law principles. Platform terms of service, though frequently updated, may not be providing appropriate notice to inform the public user. Data collection practices of social media platforms for purposes of claimed efforts to provide enhanced services to the user public may be seen a violating user privacy and rights. Online contracts whose terms change under the conditions that they are effective as they are changed with the implied understanding and consent of the user, may run on thin ice. The element of affirmative consent is seen as absent from the equation in a recently filed case arguing among other points, privacy infringement.
An Illinois case involving Facebook’s face-scanning tag suggestion feature, raises these issues. The face tagging process has enhanced the popular platform’s features for interactivity among subscribers. It has garnered recognition data using biometrics. It could the largest conglomeration of such data on the Internet. The question of the purpose for such collection and its security linger. The suit filed against Facebook draws on issues of privacy and the absence of consent to the terms of an online contract.
According to the suit text, the plaintiffs claim that the photo-tagging process creates images of the users face and that this process is not consented to by the user. In Illinois where the case was filed, there is a provision that prohibits such process. The Illinois Biometric Information Privacy Act (BIPA) does not allow for the generation nor the collection of identifiers which include fingerprints and faceprints. Accordingly there must be consent for this process and also the process that involves retrieving DNA data of a user. Consent is paramount.
While this may be a matter of consent for executing a process that infringes on privacy, the case has turned on the choice of law issue whereby the social media platform has sought to dismiss the case arguing that California law is applicable and not Illinois. But with the parties moving the case to California, and California not having a similar provision, the social media company has argued that the claim is without merit. The wrinkle is that the court’s determination of the insufficiency of the social media company’s terms of service renders the Illinois provision applicable and it did not grant dismissal as requested by Facebook. Facebook argued in its motion to dismiss that BIPA is effective and that the users had consented to be bound by California law. Furthermore, in the absence of an applicable provision in California, the case is without merit. It stood on the principle that the tagging process was not governed by BIPA. The court found that Illinois law applies and that the plaintiffs have stated a claim under BIPA.
The challenges to this process have remarkable traction in the industry and cause some reflection to the aspects of online contracts. The online contractual constructs of clickwrap and browsewrap online agreements have been dealt with construing invalidity. The Second Circuit in Specht v. Netscape was not convinced in a browsewrap scenario that by the consumer clicking on a button to initiate a download it had manifested his or her consent to the terms. The court reasoned that without a clear notice to the consumer that by selecting the download icon it was actually expressing consent, that act did not suffice to construe that the consumer had consented to the terms and conditions. In this case, the Court determine that Facebook’s agreement was enforceable but did not include the choice of law provision in the decision, stating that the privacy interests of the citizens of Illinois could be jeopardized if the choice of law provision is enforced. It could not ignore Illinois’ BIPA provision and respected the legitimate state interest of Illinois. It is interesting to note that while this case may be seen as a matter contracting and choice of law heavily utilized by Internet and technology related businesses, it hinges on the prominence of user’s expressed consent to privacy infringing process and not bout restricting innovation.
 In re Facebook Biometric Information Privacy, (ND Cal. May 5, 2016)
 Specht v. Netscape Communications Corp., 306 F.3d 17 (2nd Cir.2002). ‘browsewrap’