Biometric privacy lawsuits against retailers that allow online shoppers to virtually try on glasses and makeup are posing novel legal issues and casting uncertainty on the technology’s viability in the long run.
Companies must take heed of the legal, regulatory, and reputational risks associated with virtual try-on technology as privacy litigation climbs, attorneys warn.
Cases are already pending against cosmetics conglomerate
Some retailers offered virtual try-on tools before the Covid-19 pandemic, but widespread adoption took off as stores shuttered and people stayed at home in the spring of 2020, said David Oberly, a senior associate at Squire Patton Boggs in Cincinnati.
That “explosion” in try-on technology coincided with an upswing in related litigation in 2021 and 2022, said Oberly, who has defended companies in such lawsuits.
“In terms of figuring out how these cases will play out, there’s no great answer,” Oberly said. “These cases are still being filed but they’re being fought aggressively by defendants.”
Sunski, L’Oréal, and Estée Lauder didn’t respond to requests for comment about their use of virtual try-on technology. Attorneys representing Estée Lauder and LVMH didn’t respond to requests for comment about the pending litigation.
Warby Parker’s tool looks at “multiple data points on the user’s face” while users interact with it, but it doesn’t store any face scan data or share it with any third parties, according to the company’s App Store description.
Lawsuits against companies that offer virtual try-on technology are largely focused on eyewear and makeup retailers despite the fact that some companies, including
That may be because plaintiffs often allege violations under Illinois’ Biometric Information Privacy Act by saying companies are unlawfully collecting “scans of face geometry,” a term used in the statute’s definition of biometric identifier, he said.
Courts are currently grappling with whether applications of such technology violate BIPA, which safeguards Illinois residents’ biometric privacy rights and requires companies to seek written consent before collecting data such as iris and fingerprint scans.
While most federal lawsuits have been filed in Illinois, several are pending in the Southern District of New York and the Northern District of California.
There are currently no pending lawsuits in federal court against Perfect Corp., which provides virtual try-on capabilities to companies including
While Illinois’ biometric privacy law has been a vehicle for many plaintiffs to bring lawsuits related to virtual try-on technology, it’s not a prerequisite for litigation, said David Straite, a partner at DiCello Levitt Gutzler in New York who primarily represents consumers.
“Companies are playing with fire—they have this false sense of security that if they’re not in Illinois, they’re fine,” Straite said. “But you don’t need a biometric statute to bring unfair competition or invasion of privacy claims.”
Straite represents plaintiffs in virtual try-on lawsuits against companies but said he couldn’t comment on the pending litigation.
Though BIPA doesn’t prohibit the use of virtual try-on technology, many companies are providing such tools for consumers without giving proper notice or obtaining proper consent, Straite said. Other businesses lack accurate privacy policies.
Still, litigation related to the technology is novel, and it’s unclear how the Illinois court system will come down on the technology.
“The virtual try-on cases in Illinois are still in their early stages and there are very few substantive rulings,” said Nicola Menaldo, a partner at Perkins Coie LLP in Seattle. “Courts have not yet adjudicated core issues like whether the data implicates biometric privacy law in Illinois or what kind of notice or consent is required.”
While legal risk for use of this technology is highest in Illinois, companies everywhere should think about how they’ll issue notices related to try-on technology and update privacy policies if needed, said Carolyn Wimbly Martin, senior counsel at Lutzker & Lutzker LLP in Washington, D.C.
“If companies are going to be storing data related to these tools, they need to map out the risks of a data breach and think about how they’re going to protect it,” Martin said. “There are bad actors who find this to be a very valuable commodity.”
BIPA will remain an attractive avenue for such litigation because of its potential for large statutory damages, but companies should keep an eye on other state biometric privacy proposals as legislators introduce bills in this space, Menaldo said. Differing definitions of “biometric” may arise in each jurisdiction, making litigation more complicated down the road, she said.
Despite legal challenges, the technology is likely to continue growing in popularity because of its business utility and ease of use, Oberly said. Some companies may choose to offer the tech in all U.S. jurisdictions except Illinois to avoid the wave of litigation—but retailers are very unlikely to shy away entirely, he said.
“These lawsuits are giving companies heartburn,” Oberly said. “They’re being more cautious than they have been in the past.”