Vimeo's Clippy-for-video-bumpf app 'breaks biometric privacy law by slurping thousands of faces without consent'

AI marketing tool sparks lawsuit

Illustration of facial recognition

Vimeo's cloud-based video-editing app Magisto analyzes thousands of people's faces using AI and stores their biometric data in a database without their consent, it is claimed.

Magisto is, from what we can tell, Clippy or a Microsoft Office wizard but for corporate marketing videos: you select a template video, upload your own photos and videos, pick a few other options, and the backend generates a final package from all the material, automatically combined, using various trained machine-learning systems. It works via the web, and iOS and Android apps. The templates span realtor profiles to "millennial marketing."

To the point: the rub appears to be that when you upload a video or photo containing someone's face, Magisto detects the person's presence and generates a unique fingerprint, or face print, for their fizog, and stores this information in a database. When you upload more footage, any faces present are compared against the faces in this cloud-hosted database, and any matches allow the software to group people together by file or scene. The AI technology also identifies each person’s gender, age, and location, too.

It's all for the automatic composition and editing process, apparently.

According to Bradley Acaley, who is this month suing [PDF] Vimeo in Cook County, Illinois, this collection of biometric data – the shape and contours of people's appearances and the resulting face print – without permission from those in the uploaded video and photos is illegal under the US state's law. Acaley had purchased a one-year professional Magisto subscription for $120, and, having used it, was unhappy with its practices.

A digitized fingerprint

Clock blocker: Woman sues bosses over fingerprint clock-in tech

READ MORE

Specifically, Acaley, who lives in Illinois, is upset that biometric data for non-users – such as his wife and kids – is seemingly being stored and analyzed by the software with no way of gaining their consent. You upload a snap of vid of someone, and Magisto stores their biometric data without their permission, basically, it is claimed.

Under Illinois’ strict Biometric Information Privacy Act (BIPA), companies collecting biometric data must obtain written consent from people, explicitly state the reason why its using the technology, and publish public guidelines on how long it plans to retain the images as well as how they can be deleted.

Although Magisto, based in Silicon Valley, mentions on its website, at least, that it uses of facial recognition in its automagic editing process, and states that it collects data that “may include or reflect personal information that could identify you” in its privacy policy, it fails to explain how long biometric data is stored and how it can be removed. Vimeo acquired Magisto in April this year.

Acaley didn’t renew his Magisto subscription after it expired, funnily enough.

A spokesperson for Vimeo, which bought Magisto in April this year, was not available for comment. ®

Sponsored: Technical Overview: Exasol Peek Under the Hood

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER




Biting the hand that feeds IT © 1998–2019