BIPA and the $650M Wake-Up Call: How Biometric AI Is Exposing Companies to Existential Litigation

Meta paid $650 million. TikTok paid $92 million. Google paid $100 million. Snapchat paid $35 million. All of them violated the same 2008 Illinois law: the Biometric Information Privacy Act (BIPA). All of them lost because they collected biometric data from users — faces, voiceprints, fingerprints — without the specific notice and consent BIPA requires. AI systems in 2026 collect biometric data constantly. Every face recognition system, every voice-enabled assistant, every emotion detection API, every gait analysis pipeline. Most of them are not BIPA-compliant. The litigation wave is not coming — it's already here. What Is Biometric Data Under BIPA? Illinois BIPA defines biometric identifiers as: Retina or iris scans Fingerprints (and finger geometry) Voiceprints Hand geometry Face geometry (facial recognition templates, facial embeddings) Biometric information means any information based on these identifiers, regardless of how it's converted or stored. This matters for AI: a facial emb