Call of Duty's Violation of the Illinois Biometric Information Privacy Act (BIPA)

Illinois residents are raising concerns against Activision, the publisher of Call of Duty, alleging the company may have violated the state’s Biometric Information Privacy Act (BIPA). 
 

BIPA is the first law of its kind, taking bold steps to protect the biometric information and individual privacy rights of Illinois residents. 
 

The allegations originate from the use of an AI moderation system, ToxMod. This tool, introduced in November 2023, monitors and flags inappropriate behavior in multiplayer voice chats. It may have collected and stored voice data without proper consent from players, which could violate BIPA.
 

What is BIPA?

Introduced in 2008, BIPA was created to protect Illinois residents’ biometric information, including fingerprints, voiceprints, retina or iris scans, hand scans, DNA, facial geometry, and any other unique individual biometric information.
 

BIPA requires companies collecting and storing this data to do the following:
 

1. Inform the individual in writing which biometric data is being collected and stored.
2. Inform the individual in writing the specific purpose and length of time their biometric data will be collected, stored, and used.
3. Receive the individual’s written consent for the collecting and storing of their information.
    

If a company does not comply, it may face up to $1,000 or actual damages for negligent violations and $5,000 or actual damages for intentional violations, as well as litigation costs and other legal expenses.

Activision and the Alleged BIPA Violations

ToxMod, an AI voice moderation tool used in Call of Duty, may have breached BIPA due to collecting and storing users’ voiceprints without adhering to BIPA’s consent requirements. If proven guilty, this would be a significant violation, especially for Illinois players who engaged in multiplayer voice chat while using Call of Duty.
 

Activision has not officially commented on the allegations; however, legal experts believe these allegations could lead to serious fines as each violation could be subject to individual penalties.
 

What Are the Legal Implications?

The Illinois Supreme Court takes alleged BIPA violations seriously, as in prior cases like Tims v. Black Horse Carriers and Cothron v. White Castle Sys., Inc. Companies found negligent or intentional in handling biometric data have faced large fines, amassing hundreds of millions of dollars. 
 

If Activision is found guilty, it could face a similar fate, especially with the scalability of multiplayer platforms, which may impact multiple users simultaneously.
 

What Does This Mean for the Gaming Industry?

This case exemplifies the increasing concerns regarding privacy practices in the gaming industry, especially with AI moderation tools. 
 

With more gaming companies implementing AI tools in their communities for moderation, ensuring companies adhere to privacy laws like BIPA is becoming a top priority. Not only does non-compliance come with significant financial penalties, but more importantly, it negatively affects user trust.