Johnson and Johnson Owes $4.7 Million for the Neutrogena Skin360 Biometric Data Collection.

The $4.7 million settlement pool is allocated primarily to individual class member payments, with substantial portions reserved for attorney’s fees (typically 25 to 30 percent of the settlement) and administrative costs for claims processing, notice, and settlement administration (usually another 5 to 10 percent). This means approximately $3.2 to $3.5 million remains available for direct consumer compensation. If the estimated 11,000 class members all submit valid claims and split this remaining amount equally, individual payouts would approximate $290 to $320 per person before any final adjustments. In practice, however, not every class member files a claim. If 5,000 people claim compensation from the settlement, per-claim payments would double to roughly $600 to $700.

Conversely, if claim rates are exceptionally high—above 90 percent of the estimated class—per-claim amounts may fall closer to $250 to $300. The claim period is limited, meaning consumers who miss the deadline forfeit their share. Any unclaimed funds may be distributed as cy pres awards to related privacy advocacy organizations, rather than returned to the defendant. Payment timelines typically extend 6 to 12 months from the submission of a valid claim, depending on how quickly the settlement administrator processes claims, resolves disputes, and obtains court approval for distribution. Claimants should expect to receive payment by check or direct deposit well into 2027, assuming the preliminary approval granted in February 2026 progresses without significant legal challenges. Notably, settlement payments are generally not taxable as income because they represent compensation for a civil violation rather than income from a service or product sale.

Important Limitations and Things You Need to Know

The settlement is limited to Illinois residents and does not cover consumers in other states, even if their biometric data was collected by Neutrogena. Residents of neighboring states or other parts of the country cannot file claims under this specific settlement class. However, non-Illinois consumers may have claims under their own state privacy laws or could potentially join separate litigation if another class action is filed in their jurisdiction. This geographic limitation is significant because facial recognition data has no state boundaries—a person in Wisconsin or Michigan whose data was collected is excluded from compensation despite being equally harmed. Another limitation involves the statute of limitations on discovery.

Class members have a finite window to claim their settlement payment, often just 60 to 90 days after final court approval. Missing this deadline means forfeiting the right to compensation from this settlement entirely. Settlement notices will be sent by mail and email to known addresses, but some consumers may not receive notice if their address on file with Kenvue is outdated or incorrect. Those who do not receive notice but believe they should be eligible must actively search for settlement information online and file claims before the deadline passes. Additionally, the settlement does not impose punitive damages or additional penalties beyond the $4.7 million payout, meaning it does not reimburse the cost of credit monitoring, security freezes, or other protective measures some consumers may have taken after discovering their biometric data was compromised.

What Changes Is Kenvue Required to Make Going Forward?

As part of the settlement agreement, Kenvue must delete all facial images and biometric data collected during the class period and cannot re-collect similar biometric data without first obtaining explicit written consent. The company must implement new policies governing the collection, retention, and destruction of biometric information and must provide users with clear, separate consent forms before capturing any facial scans in future versions of skincare analysis apps. These requirements apply to Skin360 and any successor applications.

Specifically, Kenvue must establish a written retention schedule specifying how long facial images will be kept, must provide users with the option to request deletion of their biometric data at any time, and must honor deletion requests within a reasonable timeframe. The settlement also requires Kenvue to post and maintain a policy document explaining its biometric data practices, giving consumers access to information about what data is collected and how it is protected. In effect, the settlement uses legal injunctions to force the company to comply with Illinois BIPA standards going forward, making compliance a contractual obligation subject to court oversight.

What This Settlement Means for Biometric Privacy and Other Companies

The Neutrogena Skin360 settlement joins a growing category of BIPA enforcement actions that have produced multi-million-dollar settlements against companies ranging from retailers to technology firms. Prior settlements with companies like Facebook, Google, and various retail chains have established that BIPA violations can be extremely costly, creating powerful financial incentives for other organizations to audit their biometric data practices and obtain proper consent before collecting facial scans or fingerprints. The settlement sends a clear market signal: companies cannot treat facial recognition and biometric data collection as ancillary features without legal guardrails.

Looking forward, this case underscores a broader trend: privacy laws are shifting from requiring proof of actual harm to holding companies accountable simply for unauthorized collection and retention of sensitive data. BIPA was ahead of its time when enacted in 2008, but newer federal and state privacy laws are now catching up, adopting similar standards requiring explicit consent for biometric collection. As more states pass biometric privacy legislation, consumers nationwide—not just in Illinois—will have stronger legal protections and clearer grounds to challenge companies that collect facial or fingerprint data without permission. For companies developing skincare, fitness, payment, or identity verification apps, the Neutrogena case is a cautionary tale about the cost of assuming consent is implied or embedded in terms of service.

Conclusion

The $4.7 million settlement between Kenvue and Illinois consumers harmed by the Neutrogena Skin360 app represents one of the largest BIPA enforcement outcomes to date and demonstrates the real financial consequences of unauthorized biometric data collection. Approximately 11,000 eligible class members—those who used the app between December 2019 and May 2023—can expect to claim individual payments in the hundreds of dollars, contingent on filing claims before the deadline and on the total number of claims submitted. While the settlement provides financial restitution, it is limited geographically to Illinois residents and does not compensate consumers in other states, despite the fact that biometric data collection has no borders.

If you used Neutrogena Skin360, Neostrata Skin360, or any co-branded variant of the facial analysis app while living in Illinois during the specified period, watch for claim notices in the mail and via email, and plan to submit your claim promptly once the settlement is finalized and the claims period opens. The settlement administrator will provide detailed instructions on how to file and what documentation may be required, but the burden falls on consumers to take action within the deadline. For more information, monitor the official class action settlement website once it becomes available, and note that you should never pay any fee to file a claim—legitimate settlement claims are always free to submit.

You Might Also Like