Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Tik Tok stole it from over 89 million users.
Google steals it from people who use their Android phones.
Facebook took it from millions of users, in both the United States and the United Kingdom.
Apple gave it away through a flaw in their iOS system.
Amazon steals it through a seemingly innocent household device – Alexa.
Even McDonald’s is taking it when you place your order for a Big Mac.
Private user data – the most valuable commodity consumers have to give away – is being stolen by big businesses, often in secret and under the guise of “user data” agreements.
Recently, TikTok agreed to pay a $92 million settlement to about 89 million of its users over accusations that the social media platform had unlawfully collected users’ biometric and personal data earlier this year.
In the approved TikTok class action settlement, the social media company agreed to cease collecting users’ biometric, geolocation, and GPS data with the app. They also agreed to stop transmitting US user data outside the US or storing US user data in databases outside the US, unless it discloses such in its privacy policy and complies with all laws.
As part of the agreement, TikTok said it will also require new data compliance training and company procedures and hire a third party to review the compliance training for the next three years.
But TikTok isn’t the only company under fire for illegally collecting user data. A class action was filed against Google in November alleging the tech company of collecting user data through non-Google apps in an attempt to undermine competition and undercut rivals.
Amazon is accused of using voice recognition technology in its Alexa devices to secretly collect, use and store voiceprints of its users, according to multiple class action lawsuits filed in 2021.
Alexa devices are designed to record and respond to communications immediately after an individual says a wake word (usually “Alexa” or “Echo”).
However, oftentimes, the Alexa device will activate, begin recording, and then upload the eavesdropped audio to the cloud even when no wake word was used, class action lawsuits have claimed. Alexa consumers are pushing for Amazon to delete all the voiceprints it has collected, and implement procedures to require consent before recording or storing biometric data.
Meanwhile, in July, 2021, Amazon Europe was ordered to pay €746 million — the equivalent of more than $850 million USD — for breaching the European Union’s data privacy laws, which are far more stringent than U.S. data privacy laws. Amazon was illegally using consumer data for behavioral analysis and targeted advertising, the EU privacy watchdog said in the lawsuit.
What is ‘Biometric’ Data?
Biometric data refers to data that is collected on physical characteristics, including voice, picture, fingerprints—and even heartbeats—that can be used to identify a person in automated recognition.
When our biometric data is collected and used by private companies without our permission, it poses a serious privacy and security risk. The data stored in a biometric database may be more vulnerable than any other kind of data. You can change passwords, however you can’t change your fingerprint or iris scan if it is compromised.
To help protect our biometric data, Illinois passed its Biometric Information Privacy Act (BIPA) in 2008.
BIPA requires companies to develop a written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information.
The law went on to become the foundation for a class action lawsuit over Facebook’s use of facial recognition technology that automatically identified and tagged users in pictures.
Plaintiffs argued the feature violated BIPA by subjecting them to facial recognition technology without obtaining written consent and without informing them how long their data would be stored.The lawsuit resulted in one of the largest privacy settlements to date, worth $650 million.
The law has been used in multiple class actions against other Big Tech companies like Microsoft, Google and Clearview AI, and could spur more legal action against other firms over user privacy matters in the future.
Right now, McDonald’s is facing a class action lawsuit alleging it illegally collected people’s voice prints at drive-thrus, OctaPharma is paying $9.9 million to settle class action claims it illegally collected fingerprints and Procter & Gamble is accused of illegally collecting users’ facial data through its Oral-B toothbrush app.
Should The Government Regulate ‘Big Tech’ More?
The increasing number of lawsuits filed over big companies’ misuse of user data indicates regulators are getting better at cracking down on privacy violations, Internet Accountability Project Founder and President Mike Davis told Top Class Actions.
However, this is only part of the story.
“Big Tech is also getting more brazen in its data privacy abuses as they attempt to squeeze every dime of profit out of consumers who are finally starting to stand up against the taking of their personal information without their express consent,” Davis said.
He said the government should be doing more to regulate and police Big Tech’s use of consumer data. Congress is currently considering several bills to rein in companies that deal in consumer data.
The United States is well behind Europe, China and Brazil, which have each enacted comprehensive data privacy legislation that lay down a comprehensive set of rules around data collection, processing and protection.
Change will not come solely through regulation, though, Davis said. Antitrust efforts are key to a lasting solution.
“There has to be real competition in the marketplace so tech companies are forced to provide better services that respect user privacy to keep their customers happy,” he said.
“The only way that’s going to happen is if today’s Big Tech companies are broken up and are no longer allowed to engage in anticompetitive practices.”
One idea currently being discussed at the federal level is “data portability.” Bipartisan legislation The ACCESS Act would allow users to easily move their data from one platform to another, rewarding tech companies that respect their data and removing the asset from those that don’t.
“When it is in [tech companies’] financial interest to respect users’ data privacy, that is when we’ll finally see lasting change,” Davis said. The alternative is a world where, potentially, all of our data—biometric, financial, medical, emails, search and browser history—are available online.
What Can Consumers Do to Protect Themselves Online?
No lazy log-ins
Many apps and websites now offer using Facebook or Google as an option to automatically log in, which may be appealing in the moment.
But every time you use that option, you’re giving Facebook and Google access to more of your data. Think twice before using those log-ins. And if you no longer use an app or a site linked to your Facebook and Google accounts, delete the connection to stop sharing your info.
Check privacy settings, or hit delete
Go through all of your social media accounts and check the privacy settings, changing them to restriction you are comfortable with. Facebook has a privacy checkup tool to help with this.
If you want to see exactly what Facebook knows about you, you can download your entire history. Google has a similar option. You could also consider reducing your online footprint by deleting your social accounts and the data associated with them, or reducing your use.
Unplug
Also be aware that your internet-connected devices like Alexa or Google Home are quietly collecting your information in the background. Consider unplugging the devices if you are not actively using them, or not using them at all, if you are not comfortable having your voice recorded.
Strong passwords
Strong passwords can go a long way to protecting your information. A password manager can help you remember them.
Run your updates
Run the updates on apps you use, on your laptop, and even on your router and Internet of things devices. You may be missing an important security patch if not. If you’re not using an app anymore, delete it.
Protect your biometric data
While most of the responsibility to protect your biometric data falls on the organizations gathering it, you also have a personal responsibility to respect and protect it.
Only share your fingerprint, facial scan, voice and other biometric data with highly trusted organizations, and think twice if it’s necessary. What is the risk-reward of allowing a company to scan your face so you can more easily tag a friend in a photo?
Ask the company you are dealing with if the necessary cybersecurity controls are in place to truly protect your data. And search the company name at Top Class Actions to see if it’s facing any lawsuits for data privacy violations.
Still worried your biometric data is being collected without consent? Sign up for our weekly newsletter to get the latest news on Big Tech data breaches and lawsuits.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
- Ancestry.com Shared Private User Information With Third Party Entity, New Class Action Alleges
- Claims That McDonald’s Illegally Stores Customer Voices at Drive-Thru Split in Class Action Ruling
- Facebook Pausing Instagram Kids Amid Pushback From Lawmakers, Parents, and Child Advocates
- Facebook To Pay $14M To Settle Anti-Discrimination Lawsuit
387 thoughts onTikTok, Google, Facebook, and Other ‘Big Tech’ Companies Often Steal Private User Data, Class Action Lawsuits Allege
Please add me