Technologyfailure
The $1.3B "AI" Company That Was Actually 700 Human Engineers
Capability BuildingRisk Management
← All Case Studies
Technologyfailure
The $1.4B Price Tag for Default-On AI Facial Recognition
Major Social Media Platform
$1.4B
settlement
Over a decade
duration
None
consent
$500M in 30 days
payment Terms
The Challenge
The company's AI facial recognition feature was enabled by default for over a decade. It collected facial geometry data from users without explicit consent, violating a state biometric privacy law.
The Approach
The feature operated on an opt-out rather than opt-in basis. Users were enrolled automatically. The company treated biometric data collection as a product feature rather than a consent-requiring privacy action.
The Results
The company agreed to a $1.4 billion settlement — the largest single-state privacy settlement ever achieved. $500 million was due within 30 days, with the remainder payable over four years.
Seven Pillar Insights
Risk Management
A decade of default-on facial recognition without consent produced a $1.4 billion liability. The risk was knowable, the law was on the books, and the feature shipped anyway.
Key Lessons
1
Default-on AI data collection without consent creates existential financial risk
2
The gap between technically possible and legally permissible can cost billions
3
Privacy risk scales with user base — what affects millions creates billion-dollar liability
Related Case Studies
Ready to Avoid These Pitfalls?
Take the AI Leadership Assessment to identify your organization's strengths and vulnerabilities.
Want expert guidance on your AI strategy?
Schedule a consultation with Neil to explore how these lessons apply to your organization.
Schedule a Consultation