Biometric privacy suit alleges Onfido violated Illinois’ informed consent rules

Onfido is the latest biometrics company to be hit with a potential class-action suit under Illinois’ Biometric Information Privacy Act (BIPA). A suit filed by the customer of an unnamed online marketplace that uses the company’s technology alleges BIPA’s informed consent requirements were violated when he signed up, Law360 writes.

Law360 notes that bitcoin exchange Bitstamp is noted on Onfido’s website as a customer.

Further, named plaintiff Freddy Sosa alleges that Onfido compares images to a store of “known faces,” which may be an attempt to widen the scope of the company’s liability. No written permission was granted by Sosa for the company, and he was not informed of a storage policy or retention schedule for biometric data allegedly used to verify his identity, according to the complaint.

Jumio reached a $7 million proposed settlement for alleged violations of BIPA’s informed consent requirements in February, in another case targeting a facial recognition and identity document-check provider. VP of Global Marketing Dean Nicholls told Biometric Update that the company had also updated its privacy policy and updated its SDK with a specific notice for Illinois residents to meet the state’s legal requirements.

Onfido updated its privacy policy in May.

The alleged violation by Onfido occurred in April, according to the filing in Cook County Circuit Court by Sosa’s representation, Edelson PC. Edelson also represents plaintiffs in several high-profile suits, including against Facebook and Clearview AI.

Onfido recently stated its case for a unified EU regulatory framework for digital identity verification. The company raised a $100 million funding round in April, at which time CEO Husayn Kassai told Biometric Update Onfido plans to expand its presence in North America.

Judge sides with Vimeo on notice

Despite denying a motion by Vimeo to have a claim against its Magisto app stayed and compel arbitration, a federal judge has sided with the software-maker’s claim that it provided notice to the defendant about the terms containing the arbitration clause.

Vimeo cannot compel the plaintiff to settle through arbitration, because of exceptions contained in the clause for privacy violations, as previously reported. The exception is important, as Judge Matthew F. Kennelly ruled that the app met the threshold of reasonable notice of the terms, according to the Chicago Daily Law Bulletin.

This means that if not for the privacy exception, Vimeo would have been able to compel arbitration, just as Shutterfly has.

Article Topics

biometric data  |  Biometric Information Privacy Act (BIPA)  |  biometrics  |  data collection  |  data protection  |  facial recognition  |  identity verification  |  lawsuit  |  legislation  |  Onfido  |  privacy