A class action lawsuit filed in a U.S. District Court in California raises timely questions for fashion brands moving into the metaverse.
The suit naming five Illinois residents as plaintiffs seeks $5 million from Prisma Labs, Inc., a Sunnyvale, Calif.-based business. According to the complaint, Prisma, under the brand name Lensa AI, takes the identifying information from customers who give the company eight photos, presumably of themselves, for the purchase of “magic avatars,” to be used in social media or any other metaverse platform.
The Lensa app uses Stable Diffusion, an open-source AI model which was originally trained on 2.3 billion captioned images from the internet, the complaint says.
At the heart of the lawsuit is the concern that Lensa, and its parent company Prisma, receives the personal biometric information gleaned from these photos and uses it for commercial gain.
The lawsuit suggests that Lensa could lead to the potential sexual exploitation of adults and children, specifically because it does not require a user to submit only photos of themselves when using the “magic avatar” function.
Plaintiffs cite the review of a Techcrunch reporter who wrote, “it’s possible – and way too easy – to use the platform to generate non-consensual soft porn,” and “cartoonishly sexualized features, like sultry poses and gigantic breasts, to their images.”
Related Stories
The eight causes of action listed in the complaint include seven claims that the company violates the Illinois Biometric Information Privacy Act and one charge of unjust enrichment.
Illinois is considered to have among the toughest biometric information privacy acts on the books. Enacted in 2008, it requires businesses to obtain consent from every person before “collecting or disclosing” his or her identifying information. Beyond that, it requires holders of information to destroy this data within three years.
Plaintiffs argue that Lensa, which rose to a No. 1 ranking on the Apple App and Google Play Stores in December, did not operate in compliance with the Illinois law.
“Defendant collects, possesses, stores, uses, and profits from the Plaintiffs’ biometric identifiers—namely, scans of their face geometry. These identifiers are then tagged to their access devices and used as biometric information,” the complaint states. “Every time the app is opened the user is given two options: ‘Add photos’ or ‘Magic Avatars.’ Regardless of which option is chosen, the user cannot proceed without first giving Lensa access to all photos stored on their device.”
In its terms of agreement, Lensa gives a blanket opt-out, which reads, “If you do not want us to process your Personal Data as it is described in this Privacy Policy, please do not Use Lensa.”
Attorneys for plaintiffs complain that nowhere in the release is it disclosed that information obtained includes biometric data. Furthermore, it calls into question promises made by Lensa that customer data will be “anonymized” and promptly deleted within 24 hours.
“This statement simply cannot be true; if it were, Prisma would not be able to create realistic avatars of the user’s face and then return the processed avatars to the user’s device,” the complaint reads.
Plaintiffs contend that the “if not, then don’t” language in the disclaimer only appeared in the terms of service updated as of Dec. 2, and only due to the litigious efforts of the aggrieved. Attorneys contend Lensa referred the complaining customers to the updated terms of service, but on the website, the company still uses the previous language which does not include the “If not then don’t” wording.
According to the suit, Lensa was downloaded 1.6 million times in December, a six-fold month-on-month increase, and was downloaded by 4 million people in the first week of December alone.
In a statement to Sourcing Journal, a Prisma spokesperson denied the claims of plaintiffs.
“At Prisma Labs, user privacy is of the utmost importance to us,” the statement read. “We consider these allegations to be baseless and intend to vigorously defend against them.”