Federal Court Certifies Class of 6M Illinois Users in Apple Biometric Privacy Suit
A federal court certified a class of over 6 million Illinois users suing Apple over biometric data in Photos app.
Why it matters: Privacy and data protection teams should watch this case as it could set significant precedent on biometric data use by tech companies under Illinois' BIPA law.
- The court certified a class of 6 million Illinois residents who allege Apple collected biometric data without consent via the Photos app.
- The lawsuit claims Apple's 'People' album violates Illinois Biometric Information Privacy Act (BIPA) by storing facial recognition data without informed consent.
- Earlier, a separate class of 3 million Illinois residents was certified over Siri voice assistant's alleged unauthorized voiceprint collection under BIPA.
- BIPA allows statutory damages of $1,000 for negligent and $5,000 for intentional or reckless biometric privacy violations.
On June 5, 2026, a federal court in Illinois certified a class action lawsuit involving over six million iPhone users alleging that Apple's Photos app violated the state's Biometric Information Privacy Act (BIPA). Plaintiffs claim Apple collected and stored their facial recognition biometric data through the app's 'People' album without obtaining informed consent, as required by BIPA.
Judge Nancy J. Rosenstengel, Chief Judge of the U.S. District Court for the Southern District of Illinois, noted Apple's uniform code of conduct "unites the claims, making class certification appropriate." This certification signals a broader scrutiny of biometric data usage in consumer devices in Illinois.
This case adds to another prominent Illinois lawsuit certifying a class of approximately three million users against Apple over its Siri voice assistant. That case alleges unauthorized collection and storage of voiceprints, also in violation of BIPA. Cook County Circuit Court Judge Michael Mullen emphasized class actions efficiently and fairly resolve such claims.
BIPA, enacted in 2008, is among the strictest biometric privacy laws in the U.S., mandating private entities obtain informed consent before biometric data collection and disclose its purpose and retention time. Violations can lead to statutory damages of $1,000 for negligent and $5,000 for intentional or reckless breaches.
As Apple's biometric privacy practices face multiple class-action suits, legal and tech professionals focused on privacy and data protection should closely monitor developments that could inform future compliance standards and enforcement risk.
By the numbers:
- 6 million+ Illinois residents eligible for Photos app biometric privacy class
- 3 million Illinois residents certified in Siri voice assistant biometric privacy class
- $1,000 per negligent violation and $5,000 per intentional/reckless violation under Illinois BIPA