It could pay to use Snapchat, even if you haven't checked the app in years.
Snap Inc., the social media app's parent company, is set to pay out $35 million to current and former Illinois residents for allegedly storing their facial recognition data without their consent.
If you lived in the state for at least six months dating back to November 17, 2015, and you used Snapchat's filters or lenses, you could be eligible for a payment ranging from $58 to $117, according to the Chicago Tribune.
You have until Saturday, November 5, to submit a claim, which can be found on the settlement's website. You'll need to include your Snapchat username and at least one Illinois address where you lived.
The settlement's final approval hearing is scheduled for November 17.
The lawsuit alleges that the app's filters and lenses spent years scanning users' faces to apply special effects in photos without explicitly notifying users that it was creating and storing that data, making those actions illegal under Illinois' strict biometric privacy laws.
Snap doesn't admit any fault under the settlement's current terms, and "continues to vehemently deny" that the features violate state law, a company spokesperson tells CNBC Make It.
The data it collects can't be used to identify specific people, stays on users' phones and is never sent to the company's servers, the spokesperson says — adding that Illinois users received an in-app consent notice earlier this year "out of an abundance of caution."
Facebook, TikTok, Google, Shutterfly and Pret A Manger have all settled similar cases in Illinois over the last 14 months, too.
In May, Facebook's $650 million settlement sent payments of up to $397 to over 1.4 million people.
Users of Google Photos could receive their payments soon: The company reached a $100 million settlement over a similar lawsuit in September, setting up 420,000 current and former Illinois residents to receive about $150 each, according to the Chicago Tribune.
More lawsuits across the country could follow, too.
Texas and Washington also have biometric privacy laws, and similar pieces of legislation in California, Colorado, Connecticut, Utah and Virginia will take effect next year. California residents already have some data protection under the California Consumer Privacy Act.
Federal rules are also possible. In August, the Federal Trade Commission announced it was "exploring rules to crack down" on companies that collect "vast troves of consumer information, only a small fraction of which consumers protectively share," according to its website.
Any lawsuits outside of Illinois would likely be smaller, with less payout for users, says Caitlin Fennessy, vice president and chief knowledge officer at the International Association of Privacy Professionals.
That's because the Illinois law has an unusually broad private right of action, or the right for U.S. citizens to claim that their rights are being violated under the law, she explains.
Fennessy also notes that as our collective understanding of data privacy grows, future lawsuits will focus less on user consent and more on what companies do with biometric data once they have it.
Eventually, "organizations will have to recognize they can't be breached for data they don't hold, and will have to think [and disclose] ... about what data they're collecting and the extent to which they need it," she says.