Amazon has faced multiple class action lawsuits alleging improper collection and retention of facial recognition data, though a specific lawsuit titled “DeepLens Camera Retained Identifiable Face Data After Employee Left” does not appear in current public records. Instead, documented cases include claims that Amazon violated federal biometric privacy laws by collecting facial data through Rekognition technology without adequate consent, failing to disclose facial tracking in physical stores, and retaining employee facial scans for timekeeping purposes beyond their legitimate use.
These cases highlight a broader pattern of concern about how technology companies handle sensitive biometric information, particularly after individuals stop using services or leave employment. The most substantiated Amazon facial recognition cases include the Amazon Photos biometric privacy lawsuit filed in Illinois in May 2021, claims regarding facial recognition systems installed in Amazon Go stores without proper customer disclosure, and allegations that Amazon collected employee facial data for timekeeping and retention purposes. While the specific DeepLens product case you mention has not been independently verified in major legal databases, the underlying issues—facial recognition data retention after an individual’s relationship with Amazon ends—remain central to ongoing litigation and regulatory scrutiny.
Table of Contents
- What Amazon Facial Recognition Lawsuits Have Actually Been Filed?
- Understanding BIPA and Why Data Retention Matters
- Other Amazon Biometric Data Cases and Trends
- What Damages or Compensation Might Be Available?
- Challenges in Proving Facial Recognition Misuse
- What to Do If You Believe You Were Harmed by Amazon Facial Recognition
- The Broader Landscape of Biometric Privacy Regulation
What Amazon Facial Recognition Lawsuits Have Actually Been Filed?
The most well-documented Amazon facial recognition claim is the class action alleging Amazon violated the Biometric Information Privacy Act (BIPA) in Illinois through its Rekognition technology. This May 2021 lawsuit in Illinois targets Amazon’s collection of facial scans without explicit user consent, with class members potentially being anyone who had their face scanned through the Rekognition system. The legal team at Wexler Boley & Elgersma LLP has filed similar complaints targeting Amazon’s biometric practices, establishing BIPA as a key framework for challenging facial recognition data collection. A separate documented case involves Amazon’s facial recognition systems in Amazon Go stores in New York.
News reports from March 2023 confirmed that Amazon faced a class action lawsuit for allegedly failing to disclose that facial recognition technology was being used to track customers in its New York stores, violating New York’s 2021 law requiring businesses to post clear signs about biometric surveillance. This case demonstrates that even when facial recognition technology is deployed, companies may face liability if they fail to inform individuals that they are being scanned. Another verified claim involves Amazon employees alleging that Amazon collected their facial data for timekeeping purposes without obtaining proper informed consent as required by BIPA, and failed to disclose data retention policies—meaning employee facial scans may have been retained long after individuals stopped working at Amazon. This employee-specific lawsuit is perhaps closest to the scenario you described, as it addresses facial data retention after an employment relationship ends.
Understanding BIPA and Why Data Retention Matters
The Biometric Information Privacy Act (BIPA), enacted in Illinois in 2008, requires companies to obtain written informed consent before collecting biometric data, which includes facial scans. Critically, BIPA also mandates that companies establish and disclose a specific data retention schedule and securely delete biometric data once its intended purpose is complete. Many Amazon-related cases hinge on the argument that Amazon collected facial data without adequate disclosure of how long the data would be kept, who could access it, or when it would be deleted.
The retention issue is particularly significant for employee-facing technology. When Amazon used facial recognition for employee timekeeping, the company should have informed workers exactly when those facial scans would be deleted—ideally immediately after use, or at the very latest when employment ended. However, if neither condition occurred and facial data remained in Amazon’s systems after an employee left, that retention could constitute a separate BIPA violation, independent of the initial collection consent issue.
Other Amazon Biometric Data Cases and Trends
Beyond Rekognition and timekeeping, Amazon has faced scrutiny over its Ring doorbell device and how Ring stores facial recognition data generated from neighborhood footage. Though less documented than the Rekognition lawsuits, the broader regulatory environment is increasingly hostile to companies that retain biometric data indefinitely. The Federal Trade Commission has signaled concerns about Amazon’s data practices, and state attorneys general in multiple jurisdictions have investigated Amazon’s biometric collection methods.
Amazon’s approach has drawn comparisons to other tech companies facing similar biometric lawsuits. Facebook (Meta) paid $650 million to settle a BIPA class action over facial recognition in its photo-tagging feature. google faces ongoing BIPA litigation over facial recognition in Google Photos. These settlements and pending cases establish precedent that tech companies cannot simply retain facial data indefinitely—they must obtain consent, disclose retention practices, and delete data according to a stated schedule.
What Damages or Compensation Might Be Available?
Under BIPA, class members can recover statutory damages of $100 to $1,000 per violation per person. If an individual’s facial data was scanned multiple times without consent, or if the same facial data was retained and scanned repeatedly, each instance can count as a separate violation, multiplying potential damages. Additionally, plaintiffs can recover attorney fees and costs, which incentivizes law firms to pursue these cases on behalf of large classes.
In practice, settlements in biometric privacy cases vary widely. Some settlements provide cash payments to class members (ranging from $10 to several hundred dollars depending on the class size and evidence of harm), while others may provide injunctive relief only—meaning Amazon would be required to change its practices going forward but no money would be distributed. If you believe you were subject to unauthorized facial scanning by Amazon, documenting when you were potentially scanned and verifying your eligibility for a specific settlement class will determine whether compensation is available.
Challenges in Proving Facial Recognition Misuse
One significant limitation in facial recognition lawsuits is that most individuals have no way to know when they’ve been scanned. Amazon does not notify users that Rekognition is analyzing footage, and the data collection often happens in the background on systems the individual never knowingly consented to. This “hidden collection” problem makes it difficult for people to know they have a claim, and it’s why class actions are the primary mechanism for relief—attorneys discover the company’s practices through discovery, then notify the entire class.
Another practical limitation is that facial recognition data breaches do occur, meaning even if Amazon collected data with consent, unauthorized third parties might have accessed facial scans. However, proving that *Amazon’s* negligence caused a breach, rather than broad industry vulnerabilities, requires expert testimony and forensic evidence that can be costly to develop. If you were affected by an Amazon facial recognition data breach, you would need to connect that breach specifically to Amazon’s failures, not merely to the existence of the breach itself.
What to Do If You Believe You Were Harmed by Amazon Facial Recognition
If you believe Amazon collected your facial data without consent—whether through Rekognition, Amazon Go stores, Amazon Photos, or timekeeping systems—the first step is to identify which specific case or settlement period you fall within. Documentation matters: if you were an Amazon employee during a specific date range, you may be part of the employee facial data class action. If you visited an Amazon Go location in New York before the disclosure lawsuit was filed, you might be part of that class.
If you used Amazon Photos, you could be part of the BIPA claim. Contact a law firm specializing in biometric privacy, or monitor settlement websites for notices regarding Amazon facial recognition cases. Class action notices typically include instructions for submitting a claim and a deadline for doing so; missing the deadline can result in forfeiture of benefits, even if you would have been entitled to compensation.
The Broader Landscape of Biometric Privacy Regulation
Facial recognition regulation is evolving rapidly. Beyond BIPA (which applies in Illinois), California’s Consumer Privacy Act (CCPA) and similar state laws are beginning to address biometric data explicitly.
The federal government has not yet enacted a comprehensive biometric privacy law, but Congressional interest is increasing. This means that Amazon’s legal exposure to facial recognition claims may only increase as more states adopt BIPA-equivalent statutes or stricter biometric data laws. For consumers and employees, this regulatory momentum is positive: it suggests that companies’ current practices around facial recognition data collection, retention, and sharing will face increasing legal and financial consequences, which should incentivize better privacy practices industry-wide.