Instagram has accepted a hefty fine to pay $68.5 million in a biometric privacy lawsuit in Illinois, which filed a significant breach of data use concerning facial recognition technologies in the app.

The alleged violations of Illinois’ biometric privacy law date up until November 2021. Instagram users in Illinois will be eligible for a payout from the settlement if approved in the next approval orders. The first approval hearing happened at the beginning of July and court documents revealed that users in Illinois from 10 August 2015 and 16 August 2023 would be entitled to a cut of the damages.

The company is accused of misappropriately collecting biometric data. Other businesses under Meta Group, for example Facebook, have previously been sanctioned for similarly collecting and misusing user information and biometrics to target advertising campaigns and sell their products.

While U.S. regulation varies from state to state, Illinois is known for having the strictest law on data misuse and anti-privacy practices. Despite Instagram claiming to be using templates of users to find photos and content they appear in, the lawsuit alleges biometrics – which are measurements of physical identity characteristics e.g. fingerprints, facial images – were taken without consent. A similar breach by Facebook (Meta) in 2022 led to significant sanctions.