Biometric privacy lawsuit hits law enforcement provider in latest round of BIPA class actions
Motorola and Vigilant are among the latest crop of companies to be named in Biometric Information Privacy Act (BIPA) lawsuits, for their role in the state’s gallery of mugshots, Law Street reports. The suit appears to be the first known instance of BIPA defendants operating a database used by law enforcement customers.
A trio of plaintiffs filed the suit in Illinois Northern District Court, alleging that Motorola and Vigilant store booking images of more than 18 million people, including people who have been found innocent or had charges expunged, without providing the data storage, use and deletion policies required by BIPA. The companies offer access to the images to law enforcement agencies for a fee. The plaintiffs did not consent to the collection of their biometrics by these companies either, the complaint claims, though presumably the initial image collection by law enforcement did not require consent.
The suit makes the usual points about the endurance of biometrics and claims about the potential harms of the data’s misuse or theft.
The database is also allegedly used with other facial recognition products to allow nearly real-time identification and tracking of millions of people. This claim relates to recent allegations that Clearview AI was used by up to 30 Chicago Police officials. Between the two BIPA suits, the inner workings of the Chicago Police Department could soon become public information.
OkCupid data access allegedly not ok
Startup Clarifai has similarly been sued for allegedly using biometric data from OkCupid user profiles to train its facial recognition algorithm without providing information or receiving consent from the users, Bloomberg Law reports.
The suit was filed in Cook County Circuit Court, and claims Clarifai gained access to the data through an investor with ties to dating website OkCupid.
“OkCupid did not enter into any commercial agreement at that time with Clarifai, and has no relationship with the company now,” OkCupid Global Communications Manager Michael Kaye told Bloomberg Law.
Also in the Cook County, vending machine operator Compass Group USA Inc. has been hit with a BIPA suit for collecting thumbprints without meeting the informed consent requirements, reports Top Class Actions. The plaintiff claims she did not fully understand that her biometric data would be kept when she used one of the company’s machines, and that its collection of biometrics is invasive and coercive.
A lawsuit has also been filed against XSport Fitness chain operator Capital Fitness and its subsidiary Executive Affiliates for collecting employee fingerprints without informed consent, according to ClassAction.org. Executive Affiliates used a fingerprint biometric time and attendance system without following any of the data policy disclosure requirements of the Act, according to the allegations filed with the Circuit Court of Cook County.
Expert says private right of action has unintended consequences
American Action Forum Director of Technology and Innovation Policy Jennifer Huddleston says other states considering data privacy legislation should consider the potential downside of bestowing a private right of action on citizens, Alton Daily News writes.
“You have the possibility that these lawsuits and this threat of liability could deter innovation as a result of concern that anything that doesn’t clearly check all of those boxes is going to be subject to very expensive litigation,” Huddleston explains.
She refers to the practice of withholding certain services from state residents, one potential unintended consequence of the private right of action, as “innovation arbitrage.”