Introduction
Photobucket Inc is embroiled in a significant legal battle, facing a proposed federal class action lawsuit in the US District Court for the District of Colorado [3]. The lawsuit involves over 100 million users and more than 13 billion images, following a controversial update to its privacy policy. This update revealed plans to sell images from dormant accounts, including biometric identifiers [5] [6] [7], to companies developing generative AI models [6] [7], sparking allegations of privacy and intellectual property violations.
Description
Photobucket Inc is currently facing a proposed federal class action lawsuit in the US District Court for the District of Colorado involving over 100 million users and more than 13 billion images. This legal action follows a recent update to its privacy policy, which disclosed plans to sell images from dormant accounts, including biometric identifiers such as face and iris scans [6] [7], to companies developing generative AI models [6] [7]. The lawsuit asserts multiple claims, including violations of privacy and intellectual property laws [3] [5], specifically the Digital Millennium Copyright Act (DMCA) 1202(b)(1) and (3), invasion of privacy [3] [4], deceptive practices [4], and unjust enrichment [1] [4]. Plaintiffs [1] [2] [3], led by Chicago artist Mac Pierce [3], allege that Photobucket failed to obtain clear [6] [7], informed consent from users [7], thereby violating stringent privacy laws in states like Illinois [3] [6] [7], New York [1] [3] [5] [6] [7], California [1] [3] [6] [7], and Virginia [1] [5], particularly the Illinois Biometric Information Privacy Act (BIPA) [2], which mandates explicit consent for the use of biometric data, as well as the Colorado Consumer Protection Act [5].
The complaint highlights that Photobucket’s communications to users with dormant accounts [1], which required consent for the use of biometric data or risk deletion [1], do not constitute informed consent [1]. Plaintiffs describe these emails as “fraudulent and coercive,” claiming they misled users into accepting new terms rather than deleting their data [1], with users who did not respond within 45 days deemed to have opted in [1]. While copyright infringement is not currently claimed due to the registration requirement [4], the lawsuit includes accusations related to the removal of copyright management information (CMI) under DMCA Section 1203(b)(1) and the distribution of copies with CMI removed under 1203(b)(3) [4].
The litigation seeks to protect two groups: individuals who uploaded photos from Photobucket’s inception in 2003 until May 1, 2024 [3], and non-users depicted in those images [3] [6] [7], whose biometric data may have been exploited without consent [3] [6]. If the court finds that Photobucket unlawfully profited from users’ data [7], it could face significant fines [6] [7], potentially amounting to $5,000 per violation [6] [7], with up to 100 million users eligible for punitive damages [6]. Concerns have been raised regarding the implications of AI training on users’ images [7], including the risk of creating deepfakes [7]. Reports indicate that at least one user’s data may have already been sold for AI training [6], with many users only discovering the alleged misconduct after it began [6].
The lawsuit accuses Photobucket of misleading users through emails that implied consent for new terms [7], including a Biometric Information Privacy Policy [7], under the guise of account reactivation or data retrieval [7]. The plaintiffs seek a court order to halt Photobucket’s licensing practices and demand damages for each intentional rights violation [3]. Key legal questions arise regarding online photo privacy [2], consent [1] [2] [3] [5] [6] [7], and the use of personal images for AI and biometric applications [2].
The identity of the companies purchasing the data remains unclear [7], but legal discovery is expected to uncover this information [7]. Photobucket’s CEO has indicated ongoing discussions with tech companies to license the platform’s content for AI training purposes [3]. Legal representatives for the users argue that the unauthorized sale of data has caused irreparable harm [7], advocating for significant damages to ensure users share in any profits derived from their data [7]. With recent amended complaints in two lawsuits against Google and NVIDIA [4], the total number of copyright lawsuits concerning AI in the United States has reached 38 [4]. A favorable outcome for the plaintiffs could establish a precedent requiring companies to respect user rights and obtain informed consent before repurposing personal data [2]. Photobucket is expected to respond to the complaint within 30 days [7].
Conclusion
The outcome of this lawsuit could have far-reaching implications for the tech industry, particularly concerning user privacy and the ethical use of personal data in AI development. A ruling against Photobucket may set a legal precedent, compelling companies to prioritize transparency and obtain explicit consent before utilizing user data. This case underscores the growing tension between technological advancement and privacy rights, highlighting the need for robust legal frameworks to protect individuals in the digital age.
References
[1] https://www.biometricupdate.com/202412/us-courts-training-plaintiffs-and-defendants-on-repurposing-biometric-data
[2] https://www.lawinc.com/photobucket-privacy-lawsuit
[3] https://petapixel.com/2024/12/13/photobucket-sued-for-licensing-billions-of-users-images-to-train-ai/
[4] https://chatgptiseatingtheworld.com/2024/12/17/photobucket-sued-to-stop-use-of-user-photos-in-deals-w-ai-and-biometric-companies-asserts-11-claims-including-dmca-1202b1-3/
[5] https://news.bloomberglaw.com/privacy-and-data-security/photobucket-sued-for-training-ai-with-photos-without-consent
[6] https://jweasytech.com/2024/12/11/photobucket-opted-inactive-users-into-privacy-nightmare-lawsuit-says/
[7] https://arstechnica.com/tech-policy/2024/12/photobucket-sold-users-biometric-data-without-consent-lawsuit-says/
