AWS and Pindrop named in voice biometric data privacy lawsuit as cases test liability limits
Plaintiffs in a biometric data privacy suit say Amazon Web Services’ call center operations fall under the jurisdiction of state courts, and the company should face allegations that its use of voice recognition from Pindrop violate Illinois’ law, Law360 reports.
A trio of plaintiffs filed suit against AWS and Pindrop in December, claiming that the informed consent requirements of the state Biometric Information Privacy Act (BIPA) were not met when their voice biometrics were collected, stored, and used for authentication.
AWS argues that plaintiffs failed to allege the company’s biometric collection practice is “active,” but plaintiffs counter that the company fails to specify where any distinction between active and passive collection is made in the Act because it contains no such distinction.
The company also claimed that it was not the alleged owner of the data, and therefore could not be considered in possession of it, but the proposed class argues that “possession” is not defined in the Act, and therefore is meant in an ordinary sense that includes AWS. AWS has advertised the integration of Pindrop’s technology with its Amazon Connect service, which is used by insurer John Hancock, which was called by each of the defendants.
As a financial institution, John Hancock is shielded from BIPA liability, but the plaintiffs argue that exemption does not extend to AWS, as a third-party service provider.
The proposed class includes anyone in Illinois who placed a call to or received one from any business using Amazon Connect and Pindrop’s biometric technology since December 17, 2014.
Arbitration and liability limits tested
Vimeo is appealing a recent decision that it cannot compel arbitration in its BIPA suit to a federal appeals court, MediaPost reports. The company’s argument to the 7th Circuit Court of Appeals must be presented to the court by July 28.
Vimeo has said its Magisto app uses machine learning for object detection but does not collect facial biometric data.
A bid to dismiss a suit against White Castle System Inc. has been rejected by a district judge, who ruled that the allegations the company shared biometric data with two third-party vendors in violation of BIPA can proceed, according to Bloomberg Law. White Castle had argued that the plaintiff lacked standing.
A claim by the plaintiff that White Castle also violated the retention schedule publication and deletion requirements of BIPA, however, was tossed.
The White Castle decision has prompted plaintiffs in a suit against PersonalizationMall.com LLC to note the similarities between the defendants’ motion to dismiss and White Castle’s, which was ruled on by the same court.
Law360 reports that the rejection of White Castle’s argument that the BIPA claim is pre-empted by the Illinois Workers’ Compensation Act is also “consistent with the many courts to previously consider the issue.” The company claimed that the IWCA is intended as the sole means for recovery against an employer for a work-related injury, but its former employees argued that the labor law only applies to injuries that prevent an individual from continuing to work.
Plaintiffs also argued that PersonalizationMall.com’s claim that they had waited to long to file the complaint is incorrect, as the claims fall within five years of the alleged violations, which is the default for statutes like BIPA that do not specify their own limitation. Under Illinois law relating to “appropriation of likeness,” claims must be brought within one year.
The insurer of a Burger King franchisee says that it will not defend its client because of clauses releasing it from responsibility in cases of employment-related practices and disclosure of confidential information, according to a separate Law360 article. Toms King owns more than 130 Burger King locations across five states and is facing a potential class action suit based on the usual allegations of informed consent failures, but American Guarantee and Liability Insurance Co. says its commercial general liability and umbrella liability policies do not apply to BIPA allegations.
Legal landscape for return to work reviewed
Business may find it challenging to put biometrics like facial recognition to work for them in applications like building access amid a patchwork of state regulations, according to a brief on biometrics in the context of returning to work for Security Business magazine.
The column by Saul Ewing Arnstein & Lehr LLP Partner Timothy J. Pastore notes that the Commercial Facial Recognition Privacy Act (SB 847) has stalled, but will likely be revived if many businesses adopt the technology. Pastore recommends formulating clear policies for biometric data use, collection and storage, as well as advanced notice.
Questions about consent and potential data breach procedures are also among the tangle of issues that businesses must navigate to leverage biometric technology without risking compliance failures.
Corner Bakery settlement gains first approval
A $3.2 million settlement in a BIPA class action suit against Corner Baker Café has been granted preliminary approval by a district court judge, Consumer Privacy World writes.
Corner Bakery had challenged BIPA’s constitutionality based on the exemption of government and financial services from liability, and the minimum in damages, which arguments were dismissed.
The attempt to reach a settlement is the second try, after an initial agreement was rejected by the court for limiting the ability of class members to object to the agreement, speak at a final hearing on fairness, or appeal.
The article notes that up to a third of damages are recoverable as legal fees.