Your face may already be in Ring's database. Not because you own a Ring. Not because you agreed to anything. But because you walked up to a friend's front door.
That's the reality at the centre of a federal class-action lawsuit filed against Amazon in June 2026, and the detail buried inside it is more revealing than the lawsuit itself.
What Familiar Faces Actually Does
Ring's Familiar Faces feature sounds convenient on the surface. Instead of a generic "motion detected" alert, the Ring app tells you "Sarah at the front door" or "mail carrier at the gate". Camera owners can tag up to 50 faces, family members, frequent visitors, the neighbour who borrows tools, and Ring's AI learns to identify them automatically.
Amazon announced it in September 2025 and pushed it live in December, even after the Electronic Frontier Foundation and Senator Ed Markey publicly urged the company to abandon it.
Ring Outdoor Cam Pro Retinal 4K Security Camera: Features,
The convenience is real. But here's the part Ring doesn't put in the marketing materials.
To recognise the faces an owner has saved, the camera has to scan every face that comes into view. The delivery driver. The kid is selling cookies. The person cutting through the yard. The friend visiting for dinner. None of those people opted into anything. None of them was asked. The camera scans them anyway, silently, automatically, every single time.
Amazon has stated that face data is encrypted and is never sold and that unidentified faces are deleted after 30 days. What they haven't explained is why any of that data needs to leave the front door at all. News Source:
The 3 States Where Ring Turned It Off — And What That Tells You
This is the detail that turns a privacy complaint into something worth paying close attention to.
Amazon disabled Familiar Faces in three U.S. jurisdictions:
Illinois — home of the Biometric Information Privacy Act (BIPA), the strictest biometric law in the country. BIPA requires written consent before a company captures any biometric identifier, a faceprint, a fingerprint, a retinal scan. Residents can sue independently, and damages can reach $5,000 per violation. No class action required. Every single scan, every single person, potentially $5,000.
Texas — which bars companies from capturing biometric identifiers without permission. This is the same law that produced a $1.4 billion settlement with Meta in 2024 over facial recognition technology. Not $1.4 million. $1.4 billion.
Portland, Oregon — which banned private businesses from using facial recognition in public-facing spaces in 2021, years before most cities were even discussing it.
Ring also turned the feature off across the EU, UK, and Ireland, where GDPR classifies a faceprint as protected personal data under the highest tier of regulatory scrutiny.
Read that list again. Amazon looked at the map of jurisdictions with serious biometric privacy laws — the places where scanning a stranger's face without consent carries real legal consequences — and chose not to operate there.
Then it switched the feature on everywhere else.
The lawsuit's attorneys called this out directly. They point to those disabled states as evidence that Amazon "chooses not to" comply with consent standards it could follow everywhere. The argument is simple: if the feature requires consent to operate legally in Illinois, it requires consent to operate ethically everywhere. Amazon drew a legal boundary, not a moral one.
The Lawsuit: One Man Who Never Owned a Ring
The class action was filed June 1, 2026, in federal court in Seattle by Charles Sigwalt, a Virginia resident who has never owned a Ring device. He says his face was captured and stored while visiting friends and family whose doorbells had Familiar Faces switched on.
He's seeking at least $5 million for the class.
To an Amazon investor, $5 million against a company worth $2.76 trillion looks like noise. But privacy lawyers and financial analysts who've tracked biometric litigation are reading that number differently, as a starting point, not a ceiling.
Facebook paid $650 million to settle a BIPA face-tagging class action in 2020. Meta paid $1.4 billion to Texas in 2024 over the same category of technology. Take the $5,000-per-scan exposure under BIPA and multiply it by the millions of Americans described in the complaint, and the maths change quickly. Source Article
Morningstar flagged the broader picture before this suit even landed, noting that regulatory concerns "are rising for large technology firms, including Amazon". This case isn't an isolated event. It's part of a pattern of companies deploying biometric features fast, asking for forgiveness later, and hoping the settlement math works out in their favor.
Ring also carries a relevant track record here. In 2023, it paid a $5.8 million FTC fine after staff and contractors were found to have improperly viewed customers' private videos. This isn't a company being unfairly targeted. It's a company with a documented history of treating user data carelessly.
Also read: Is the Ring Doorbell safe to use?
The Deeper Problem With Cloud-Based Facial Recognition
What the Ring lawsuit surfaces is a structural problem with how most smart home security companies handle biometric data – not just Ring specifically.
When facial recognition runs in the cloud, this is what has to happen: the camera captures your face, compresses the image, and sends it to a remote server. That server extracts the faceprint. That faceprint is stored in a database. Later, when a known face appears, the server matches the new faceprint against the stored one and sends a notification.
At no point in that chain does the person whose face was scanned have any control. Their biometric data has left the front door, travelled across the internet, and arrived on infrastructure owned by a corporation before they've even had a chance to knock.
Cloud facial recognition cannot be truly consensual at scale because you cannot obtain consent from every person who might ever walk past a front door. The EFF identified exactly this problem: the feature has to pull a faceprint from every person who comes into view.
Consent from passersby is structurally impossible. Which means cloud-based facial recognition in a residential doorbell is, by design, a system that scans people who never agreed to be scanned.
The only architectural solution to this problem is to never send the data anywhere in the first place.
Why OVAL Was Built to Make This Lawsuit Impossible
OVAL by IRVINEi runs facial recognition entirely on-device. The faceprint is generated by OVAL's Edge AI chip, the same hardware mounted at your front door. It's matched against a locally stored library of enrolled faces. The result is sent to your phone as an alert. At no point does a faceprint leave your home network.
There is no Ring-style cloud database of faces. There is no central server storing faceprints from millions of front doors. There is no 30-day retention window on strangers' biometric data — because strangers' biometric data is never transmitted or stored in the first place.
This isn't a privacy policy. It's an architecture. And architecture doesn't change when a company decides to update its terms of service.
OVAL's on-device processing also means its facial recognition is available everywhere, not disabled in three states because the legal exposure is too high. When your feature works the same way in Illinois, Texas, and Virginia, it's because the underlying approach respects consent by design, not because lawyers drew a map.
Beyond facial recognition, OVAL's Visitor Alert tells you exactly who's at your door. Its Eavesdropping Alert detects when someone lingers suspiciously close to your entrance. Its Intruder Alert fires when someone who shouldn't be there is. All eleven AI alert categories, processed locally, stored locally, flagged instantly.
The Ring lawsuit is a case about one man whose face ended up in a database he never consented to. OVAL's architecture ensures that a case could never be filed against it. because the database doesn't exist.
The Bottom Line
Amazon built a feature that scans strangers' faces, disabled it in the states where doing so has teeth, deployed it everywhere else, and is now in federal court over it. That sequence isn't an accident. It's a business decision, and the lawsuit is the consequence.
The question every homeowner should be asking isn't whether Ring's Familiar Faces feature is convenient. It's whether the home security device at their front door treats biometric data as something worth protecting, or something worth collecting.
Frequently Asked Questions
What is Ring's Familiar Faces feature?
Familiar Faces is a Ring AI feature that identifies recurring visitors by scanning and storing faceprints. It notifies owners with a person's name instead of a generic alert. It requires a Ring Protect subscription and scans every face in view, including people who never consented.
Why did Ring disable facial recognition in some states?
Ring disabled Familiar Faces in Illinois, Texas, and Portland, Oregon, all jurisdictions with strict biometric privacy laws requiring consent before facial data is collected. It's also unavailable across the EU, UK, and Ireland under GDPR.
What is the Ring Familiar Faces lawsuit about?
A class action filed June 1, 2026, by Virginia resident Charles Sigwalt, who says his face was scanned by Ring's Familiar Faces without his consent while visiting friends. He never owned a Ring device. The complaint seeks at least $5 million and argues that passersby are being scanned without knowledge or agreement.
How does OVAL handle facial recognition differently from Ring?
OVAL processes facial recognition entirely on-device using Edge AI. Faceprints are generated, matched, and stored locally; nothing is transmitted to a cloud server. No central database of faces exists. The architecture makes the Ring lawsuit scenario structurally impossible.
Is cloud-based facial recognition legal?
It depends on the jurisdiction. It's restricted or banned in Illinois, Texas, Portland, and across the EU and UK. In most U.S. states, it currently operates in a legal gray zone, which is precisely why companies like Amazon deploy it broadly while disabling it where legal risk is concrete.
