After noting the flood of Illinois biometric privacy suits in September, it appears that the flow of such suits remains robust.  Dozens of suits have been filed in Illinois state court against Illinois-based employers and other businesses alleging violation of Illinois’s Biometric Information Privacy Act (BIPA), which generally regulates the collection, retention, and disclosure of personal biometric identifiers and biometric information, and encourage businesses that collect such personal data to employ reasonable safeguards.

In recent years, biometric privacy suits initially involved social media services and video game makers, but have increasingly been asserted against businesses that collect biometric data to authenticate customers or employees, especially Illinois-based employers that use biometric timekeeping devices to verify employees when clocking in and out.  

While dozens of suits have been filed in Illinois state court, it is not yet clear if mere procedural violations of BIPA’s consent and data retention requirements, without any showing of actual harm or data misuse, are actionable under the statute (i.e., whether persons pleading procedural violations are “aggrieved” under the statute, as BIPA expressly provides that “any person aggrieved by a violation” of the BIPA may pursue money damages and injunctive relief against the offending party).  Defendants, in other cases, have argued that the term “aggrieved” in BIPA requires a plaintiff to establish an injury due to a statutory violation, while plaintiffs oppose this interpretation and have contended that “aggrieved” means only that a plaintiff must come within a statute’s zone of interest.

In one of the latest suits, a putative class of employees asserted BIPA claims an Illinois-based media company that collected and stored employees’ fingerprints, allegedly without proper notice and consent, for the purpose of authenticating attendance and timeliness.  (Lopez v. Multimedia Sales & Marketing, Inc., No. 2017CH15750 (Ill. Cir. Ct. Cook Cty filed Nov. 29, 2017)).   Specifically, the complaint alleges that the employer violated BIPA by failing to give proper notice, obtain written consent or publish a data retention policy prior to collecting fingerprints for the purpose of timekeeping authentication.  The complaint also alleges that, to the extent the defendant transmits the employees’ biometric data to out-of-state vendors to manage its authentication procedures, it failed to obtain consent for such a practice. Notably, the complaint does not allege any misuse or misappropriation of the biometric data previously collected.  The complaint seeks injunctive relief requiring defendant to comply with BIPA and statutory damages of $5,000 for each willful violation of BIPA (and $1,000 for each negligent violation).

Examples of other recent BIPA suits filed against employers include:

  • Freeman-McKee v. Alliance Ground International LLC, No. 2017CH13636 (Ill. Cir. Ct. Cook Cty filed Oct. 11, 2017) (employees of airline cargo company assert BIPA claims regarding collection of fingerprints for use during clocking in and out)
  • McGee v. RJW Transport Inc., No. 2017CH14077 (Ill. Cir. Ct. Cook Cty Oct. 20, 2017) (BIPA claims against logistics and transportation company regarding use of fingerprints for timekeeping authentication)
  • Heckl v. Suparossa Restaurant Group LLC, No. 2017CH14299 (Ill. Cir. Ct. Cook Cty filed Oct. 25, 2017) (BIPA claims against restaurant company over scanning of employees’ fingerprints to check in and out of a digital time clock)

We will continue to monitor developments in these disputes and other ongoing biometric privacy litigation.

Posted in Biometrics, Privacy
Tags: Biometric Information Privacy Act, biometric privacy, biometric privacy litigation, BIPA, employee biometric privacy
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jeffrey Neuburger Jeffrey Neuburger

Jeffrey Neuburger is co-head of Proskauer’s Technology, Media & Telecommunications Group, head of the Firm’s Blockchain Group and a member of the Firm’s Privacy & Cybersecurity Group.

Jeff’s practice focuses on technology, media and intellectual property-related transactions, counseling and dispute resolution. That expertise…

Jeffrey Neuburger is co-head of Proskauer’s Technology, Media & Telecommunications Group, head of the Firm’s Blockchain Group and a member of the Firm’s Privacy & Cybersecurity Group.

Jeff’s practice focuses on technology, media and intellectual property-related transactions, counseling and dispute resolution. That expertise, combined with his professional experience at General Electric and academic experience in computer science, makes him a leader in the field.

As one of the architects of the technology law discipline, Jeff continues to lead on a range of business-critical transactions involving the use of emerging technology and distribution methods. For example, Jeff has become one of the foremost private practice lawyers in the country for the implementation of blockchain-based technology solutions, helping clients in a wide variety of industries capture the business opportunities presented by the rapid evolution of blockchain. He is a member of the New York State Bar Association’s Task Force on Emerging Digital Finance and Currency.

Jeff counsels on a variety of e-commerce, social media and advertising matters; represents many organizations in large infrastructure-related projects, such as outsourcing, technology acquisitions, cloud computing initiatives and related services agreements; advises on the implementation of biometric technology; and represents clients on a wide range of data aggregation, privacy and data security matters. In addition, Jeff assists clients on a wide range of issues related to intellectual property and publishing matters in the context of both technology-based applications and traditional media.

Read more about Jeffrey Neuburger
Show more Show less
Related Posts
Washington Governor Signs Bill Addressing Government Use of Facial Recognition Technology
April 2, 2020
Will the Role of Facial Recognition Grow in a Post-COVID-19 World?
March 31, 2020
Reflections on 2019 in Technology Law, and a Peek into 2020
December 23, 2019