Illinois courts continue to refine biometric data privacy law details, vendors may be liable, TikTok sued
A defendant in a court battle over alleged violations of Illinois’ Biometric Information Privacy Act (BIPA) is asking a Seventh Circuit panel to overturn a lower court ruling returning it from federal to state court, arguing that the ruling violated precedent, Law360 reports.
Attorneys for defendant Compass Group, a food services company, told the three-judge panel that Groshek v. Time Warner Cable Inc. allows federal standing for procedural violation claims if they represent an “appreciable risk of harm” to the interest underlying the particular statute. The suit should therefore have been allowed to remain in federal court, as the statutory violation alleged is “in and of itself” the concrete harm lawmakers set out to prevent with BIPA, the company claims.
The plaintiff in the case, former Compass employee Christine Bryant, appears to be happy with either venue, so long as the matter is settled, according to the report.
“Bryant was not willing to litigate or attempt to settle her case in federal court and risk the result being vacated later for lack of standing” under Article III of the U.S. Constitution, which covers the criteria for legal standing, attorney Zachary Flowerree of Werman Salas PC told the panel.
A panel judge told the defendant’s counsel that because standing is treated differently in Illinois and federal courts, it may potentially be able to proceed in the former but not the latter.
A Compass representative argued that the Rosenbach v. Six Flags decision does not entail removing the present case to state court, as the panel is not bound by the decision, and the plaintiff claims an injury which meets the threshold for federal standing set out in Groshek.
A plaintiff’s attorney notes that the state legislature specifically chose to include a private right of action for individuals who have yet to suffer concrete damages.
Vendors in BIPA suits may be liable in some cases
Biometrics vendors could potentially be liable for damages under BIPA in suits related to employment, the U.S. District Court for the Northern District of Illinois has ruled, according to a bulletin from Holland & Knight LLP.
Kronos could be liable for consent requirement failures due to its role in collecting biometric data, according to a ruling in Figueroa et al. v. Kronos, Incorporated.
Kronos won a victory against claims it had improperly shared biometric data and that its actions were reckless or intentional in a separate case in November.
Holland & Knight point out that several state courts and at least one district judge in Illinois’ Northern District have accepted arguments that vendors are not in a position to obtain consent from their customers’ employees, and dismissed suits against them. In this case, the District Court judge found the plaintiffs’ allegations that the collection function applied to Kronos were sufficient to make it jointly responsible for obtaining consent.
The decision could lead both to more plaintiffs targeting vendors, and more defendants bringing third-party contribution claims against them.
TikTok suit filed in federal court
A case has been filed against popular social media app TikTok alleging it performed face biometric scans of users, including minors, without permission, violating BIPA. The suit was filed in the District Court for the Northern District of California on behalf of children, who were allegedly not informed about the company’s biometric practices, according to Bloomberg Law.
TikTok has already settled a case alleging the sharing of minors’ data in violation of the Children’s Online Privacy Protection Act (COPPA) for $1.1 million late last year.
Workers’ compensation law does not pre-empt BIPA
Another BIPA suit alleging violations of the Act’s informed consent requirements around an employee time and attendance system has been filed by a former employee of a parking and baggage management company, according to another Law360 article. The former employee of SP Plus Corp. at Chicago’s Midway Airport alleges he did not receive information or give consent in any form for the collection of his biometric data.
A motion to stay a similar suit pending a state appeals court decision on whether state workers’ compensation law blocks monetary damages has been denied, Law360 writes. Kenco Logistics Services LLC was told by a federal judge in Illinois that the panel is unlikely to side with the company in the case in question. Even though the issue has not been decided in state appeals court, there is precedence in several state and federal courts that the IWCA does not pre-empt BIPA. A stay is also not likely to streamline the process or reduce the burden the suit places on each part, according to the ruling. Kenco is accused of failing to provide the necessary information about its system.
biometric data | biometrics | BIPA | data protection | facial recognition | fingerprint biometrics | legislation | mobile app | privacy | TikTok | time and attendance