Johnson & Johnson’s former consumer products unit has agreed to settle a lawsuit about its Neutrogena Skin360 app. The app, which was meant to help people check their skin using artificial intelligence, was accused of secretly saving facial scans of users.

Lawsuit over face scan app comes to an end

The case was filed in Illinois in 2022. It was based on a state law called the Biometric Information Privacy Act, or BIPA. This law protects people’s biometric data, such as fingerprints, voice patterns, and facial scans. The lawsuit said the Skin360 app collected facial data and linked it with personal information. It also claimed that this was done without asking for proper permission.

After nearly two years in court, the case has now been settled. A federal judge confirmed that the case will officially close within 60 days. The terms of the settlement are private and have not been shared with the public.

How the Skin360 app worked

The Neutrogena Skin360 app was designed to be a personal skin advisor. Users could take a photo of their face with their phone camera. The app then scanned the face and gave a skin health report. It suggested routines and products that could be used to improve skin.

How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?

The technology behind it was advanced. It used AI to study details such as wrinkles, pores, and texture. This made the app popular with people who wanted a quick skin check from home.

But problems started when questions were raised about how the app stored this sensitive data. Biometric data, like face scans, is very personal and cannot be changed like a password. Under BIPA, companies must clearly tell people how this data is collected, stored, and used. The lawsuit argued that the app did not do this properly, which made it unlawful.

Why this settlement is important

By agreeing to settle, Johnson & Johnson’s consumer unit has avoided a trial. The company has not admitted to doing anything wrong, but the settlement puts an end to a very public case.

This matter is important because it shows how carefully companies need to handle biometric information. Facial scans and similar data are unique to each person. If misused, the impact could be permanent. This is why states like Illinois have strict laws.

The case also highlights how apps that look harmless, like a skin care tool, can actually involve serious privacy issues. What feels like a simple scan of the face may mean that highly sensitive data is being stored.

Orange confirms ransomware breach with 4 GB of customer data exposed on dark web

Many people may not know how powerful biometric data really is. Unlike a phone number or email, which can be changed, face scans, fingerprints, and other biological identifiers are permanent. Once collected, they can reveal not only identity but also health, habits, and even age.

Because of this, Illinois created the Biometric Information Privacy Act (BIPA). The law requires companies to explain why they are collecting biometric data, how long they will keep it, and whether it will be shared.

The Neutrogena Skin360 case became part of this wider trend. While the app was designed to help users with their skin care, the way it handled data was questioned.

For users, this case serves as a reminder to read app permissions and privacy notices carefully. Many apps today rely on cameras, microphones, or even health sensors to provide services. While these features can be useful, they also come with risks if the data is not managed responsibly.