Biometric privacy suit defendant argues BIPA exemptions make law unconstitutional
Midwest grocery chain Jewel-Osco has filed a motion in Cook County Circuit Court arguing that Illinois’ Biometric Information Privacy Act (BIPA) is unconstitutional, on grounds that it sets a different standard for private employers than the government, its contractors, and financial institutions, which are exempted, the Cook Country Record reports.
A class action suit was brought against Jewel-Osco in 2018 by a group of pharmacists who were required to use a fingerprint biometric access control system for pharmacy computers. They allege the company failed to secure written consent, and to provide the necessary notices and documentation.
“There is no rational basis to treat financial institutions, the government or government contractors differently under the BIPA,” Jewel-Osco parent company Albertsons wrote in its brief. “If the BIPA was truly enacted to protect Illinoisans’ biometric data, to leave some of the biggest employers in the state unregulated, and thus their employees unprotected, and to allow those entities the benefit of not having to comply with the BIPA is nothing short of arbitrary.”
Albertsons says the potential damages from the suit are “extraordinary,” and that the law excludes two of the largest sectors in the state by number of employees, in government agencies and financial institutions. This exclusion violates employers right to equal protection under the law enshrined in the U.S. Constitution, as well as a ban in the Illinois state constitution on “special legislation” which benefits a certain group at the expense of others.
The data breach from Pay By Touch, which reportedly inspired the enactment of BIPA in 2008, would not be prevented by BIPA, as the company could be excluded, depending on how ‘financial institution’ is interpreted, Albertsons argues.
A judge has previously dismissed Albertsons motion to dismiss the case on grounds that pharmacists are covered by federal HIPAA privacy protections, and therefore are exempt from BIPA.
Since Illinois’ State Supreme Court ruled that statutory violations constitute harm under BIPA, defendants have attempted to argue the law is unconstitutional on different grounds, including the “grossly excessive” damages that can result.
Article Topics
biometric data | Biometric Information Privacy Act (BIPA) | biometrics | data protection | privacy
Comments