OnlyFans’ parent company has become the latest target of a class-action lawsuit filed under Illinois’ biometrics privacy law, alleging that OnlyFans improperly scanned the faces of content creators in Illinois when the creators are forced to verify their age and identity using a facial recognition program
On November 5, attorneys Eugene Y. Turin and Colin P. Buscarini of Chicago’s McGuire Law filed a lawsuit against Fenix Internet LLC in Cook County Circuit Court.
The complaint names Fenix as the corporate entity through which OnlyFans content creators are paid.
OnlyFans has grown into an online video content behemoth in recent years, particularly since the onset of the COVID-19 pandemic in early 2020.
The ability of sex workers and pornographers to use the platform to share and monetize adult sexual content has almost entirely driven growth. OnlyFans pays content creators who have purchased either a monthly subscription to specific content creators or specific content from the creators.
According to the complaint, OnlyFans now has more than 130 million user accounts worldwide, with over 2 million content creator accounts. According to the complaint, the majority of OnlyFans users are in the United States, with many in Illinois.
OnlyFans reported more than $1.2 billion in purchases from visitors in 2020 alone, according to the complaint.
OnlyFans launched a program requiring content creators to verify their identity and age before they can post content or be paid in response to rising public complaints about content potentially containing underage “creators.”
According to the complaint, the automated process requires potential creators to submit a selfie photo of themselves. They must then submit a photo of an official government photo ID, such as a driver’s license, that shows their date of birth.
OnlyFans then uses a program to create a “geometric profile of their face” and compare it to “the biometric profile that it extracts from the user’s ID document to see if they match,” according to the complaint.
According to the complaint, OnlyFans “collected the facial biometrics of thousands of individuals, including Illinois residents.”
The named plaintiff, identified only as Jane Doe in the complaint, has been an OnlyFans content creator since 2019. In 2021, she allegedly had to re-verify her age and identity using OnlyFans’ automated verification program.
OnlyFans’ verification program, according to the complaint, violates the Illinois Biometric Information Protection Act (BIPA.)
Over the last six years, a growing number of plaintiffs’ law firms, including McGuire Law, have used the BIPA law to file thousands of class action lawsuits against companies of all sizes. The lawsuits typically accuse businesses of violating technical legal provisions that require businesses to obtain written consent from people and provide them with certain notices before scanning their biometric identifiers, such as fingerprints, retinal scans, or, in this case, facial geometry.
Many of the lawsuits have targeted employers specifically, accusing them of improperly requiring employees to scan their fingerprints to verify their identities when punching in and out of work shifts.
However, a number of other BIPA class actions have targeted social media and big tech companies such as Facebook, Google, Shutterfly, and others.
For example, Facebook has been sued over its photo tagging programs, which scan the faces of people depicted in photos uploaded to Facebook and then create and save a template of those faces, allowing the program to locate that person in all other photos in which they appear on Facebook.
Settlements in class actions have been substantial. Facebook agreed to pay $650 million to settle a class-action lawsuit filed by the BIPA over its tagging software.
Settlements in class actions against employers typically range from hundreds of thousands of dollars to $25 million.
A growing number of businesses are settling rather than going to trial and risking potentially ruinous judgments in the face of a law that allows plaintiffs to seek damages ranging from $1,000 to $5,000 per violation – with individual violations defined by some courts as each time a biometric identifier is scanned.
OnlyFans allegedly violated BIPA by failing to publish a policy with “a schedule and guidelines” explaining how the facial scans would be handled and eventually destroyed; allegedly improperly using the facial scans for profit; and allegedly failing to secure the facial scans and users’ data from former OnlyFans and Fenix employees.
The complaint seeks $1,000-$5,000 in damages per violation, plus attorney fees.
The plaintiffs want the lawsuit to be expanded to include potentially thousands of OnlyFans users in Illinois who submitted photos of their faces and IDs through OnlyFans’ identity and age verification system.