Biometric privacy act does not flout state constitution, judge tells fingerprint database provider

Illinois’ biometric privacy law does not flout the state constitution by exempting financial services companies, contrary to the arguments made by a trampoline park accused of violating the law, a U.S. District Court Judge has ruled.

Law360 writes that Pathfinder Software LLC’s claim was “a bit hyperbolic,” given that the companies exempted are all subject to personal data collection and maintenance regulation under the Gramm-Leach-Bliley Act.

Pathfinder operates the fingerprint biometric database used by Innovative Heights Fairview Heights LLC, and was added in November to a suit against Innovative Heights by former employee Madisyn Stauffer alleging the informed consent requirements of the Biometric Information Privacy Act (BIPA) were not met. The suit was originally filed in April of 2019, and the companies had it removed to federal court in January.

Half of the potential class-action suit has been sent back to state court, however, as District Judge Mark Beatty found the plaintiff’s claims under BIPA Section 15(a), requiring the publication of a data retention and destruction policy, are not sufficient to establish standing under Article III. The claim described a hypothetical risk to an employee leaving the company, not a harm actually suffered by the plaintiff, according to the ruling. The portion of the claim relying on a violation of the consent requirement remains in federal court.

Beatty also rejected an argument by Pathfinder that it qualifies for exemption as a financial institution, and other reasons the company offered for its exclusion from the suit.

Article Topics

biometric data  |  biometrics  |  BIPA  |  data collection  |  fingerprint biometrics  |  lawsuit  |  privacy