AWS sued under Illinois biometric privacy rules for providing third-party storage
The complaint alleges AWS violated BIPA’s informed consent rules by not providing information to the plaintiff or other potential members of the class, according to the complaint in Cook County Circuit Court. AWS provides cloud storage for companies handling biometric information, and is accused of storing information on behalf of a commercial customer, without providing notification of its practices. The complaint alleges that BIPA forbids storage of biometric data without satisfying the informed consent requirements.
“Despite obtaining, storing, and possessing biometric information of thousands of Illinois residents, including Plaintiffs biometrics, on behalf of scores of its customers, Defendant failed to comply with BIPA,” the complaint reads.
Cloud services companies have argued in the past that they are not responsible for data owned and uploaded to storage services by customers.
The only precedence for suits against third-party vendors held that the informed consent requirements of BIPA do not apply “without any direct relationship” between the vendor and the plaintiff. This precedence has not prevented new suits from being filed against biometrics providers, however.
Most BIPA suits are related to time-and-attendance systems, and it appears that may be the case in the suit against AWS. Plaintiff Martin Ragsdale was not an employee of AWS, but his complaint explicitly mentions that time and attendance systems are one application of its biometric services.