A new class action lawsuit in Virginia is testing the legal boundaries of facial recognition in smart home devices. Charles Sigwalt filed the suit against Amazon and its Ring subsidiary, arguing that the company's Familiar Faces feature captures and stores biometric data from people who never agreed to the technology.

Familiar Faces uses artificial intelligence to identify frequent visitors and create up to 50 personalized profiles. The feature launched in the United States in December 2025 and in the United Kingdom in April 2026. Ring markets it as an opt-in tool, meaning device owners must activate it. But the lawsuit contends that the people whose faces are scanned, from mail carriers to neighbors walking by, never have a say.

The Lawsuit's Core Argument

Sigwalt claims Ring violates multiple Virginia laws covering consumer protection, computer crimes and privacy. He also argues the practice runs counter to a 2023 Federal Trade Commission policy statement that warns against surreptitious collection of biometric information. The suit seeks to halt the feature, secure damages for affected individuals and force Ring to disgorge profits.

According to the complaint, Familiar Faces converts facial images into mathematical templates called faceprints. Ring stores these faceprints in Amazon's cloud, not on the device itself. The company says unrecognized faces are retained for 30 days and recognized profiles for 180 days. Sigwalt argues that data persists beyond those limits because profiles reappear after users unsubscribe.

Opt-In for Owners, No Choice for Visitors

Ring explicitly states that Familiar Faces is not enabled by default and requires user activation. However, the lawsuit draws a sharp distinction between the device owner's choice and the subject's consent. A homeowner may opt in, but the postal worker at the door or the pedestrian on the sidewalk has no opportunity to decline being scanned and stored.

The complaint points out that Ring has confirmed it will not run Familiar Faces in Illinois, Texas and Portland, Oregon. Those jurisdictions have strict biometric privacy laws. Illinois requires written consent before collecting biometric data. Texas has similar rules. Portland bans the use of facial recognition in public accommodations. Sigwalt argues that Ring's willingness to comply in those states proves it could do so everywhere but chooses not to.

Why This Matters

This case directly affects millions of people who walk past Ring cameras every day. If successful, the lawsuit could force companies to rethink how they handle biometric data from nonusers. The outcome may also influence how regulators interpret opt-in consent when the device owner and the data subject are different people.

Broader privacy implications are significant. The Electronic Frontier Foundation has compared Familiar Faces to Ring's Search Party feature, which also uses AI to identify targets. Privacy advocates warn that faceprints stored in the cloud could be repurposed for surveillance or shared with law enforcement. Ring has said it cannot identify every camera that captured a particular person, but critics say that capability could change.

Amazon did not respond to a request for comment. The company previously stated that it does not use Familiar Faces data to train AI models and that it could not fulfill a law enforcement request to locate all cameras that detected an individual. The lawsuit nonetheless asks the court to stop Ring from using facial recognition in its current form and to establish a fund for damages.