Biometric privacy suit targets Amazon’s COVID-19 screening
Employee COVID-19 screening measures by Amazon use biometrics without satisfying the legal requirements of Illinois’ Biometric Information Privacy Act (BIPA), according to a proposed class action lawsuit reported by Law360.
The suit filed in Cook County Circuit Court alleges that Amazon employees “were exposed to ongoing, serious, and irreversible privacy risks—simply by going into work,” and notes that databases of biometric information can be targeted and potentially breached by hackers. The wellness scans allegedly include facial recognition “and possibly other biometric information.”
The scans, along with temperature checks, were conducted as an access control application, but the company did not inform workers that biometric technology was being used or how the biometric data would be stored or disposed of, and did not obtain their consent.
The lawsuit also contends that Amazon was aware of its obligations under BIPA due to a previously-filed lawsuit related to its Alexa devices. This contention by the plaintiff may be an attempt to show that Amazon’s actions were “willful,” and therefore merit the maximum $5,000 penalty per violation.
An Illinois appellate panel recently ruled that the Workers' Compensation Act does not apply to BIPA disputes, deciding in favor of a plaintiff who alleged violations by an employer, according to a separate Law360 article.
The panel found statutory privacy rights under BIPA are “simply not compensable under the Compensation Act,” so the BIPA suit can move forward. While no state appellate court had ruled on the issue, the panel found that several federal courts had already ruled the Compensation Act does not pre-empt BIPA suits.
An editorial for Law.com earlier in October, written by attorneys with Hinshaw & Culbertson, examined the applicability of businesses' insurance policies to lawsuits under BIPA and the biometric privacy statutes of other states like Texas, Washington, and Arkansas. The gist is that liability does not seem to be well-defined, and claims are likely to be contested for the foreseeable future.
Blank Rome creates biometric privacy compliance checklists for three states
Blank Rome’s Biometric Privacy Team has released a series of compliance checklists to help businesses use biometrics without running afoul of state regulations.
The checklists each cover one of the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI) and Washington’s Biometric Privacy Statute (HB 1493), and the considerations they entail for companies using employee biometrics for workforce management applications like time and attendance tracking.
BIPA in particular has set off an ongoing flurry of lawsuits and settlements, due to its provision of a private right of action.
The BIPA checklist addresses the regulation’s requirements, penalties and applicability, biometric privacy policies and notices, written releases and consent forms, and the prohibition on profiting from biometric data in ways other than the stated use. Data security, vendor management, and various types of related agreements are also covered.
The CUBI and HB 1493 checklists likewise cover the rules in Texas and Washington, respectively, and what companies must do to comply with them. Three attorneys on Blank Rome’s Biometric Privacy Team recently penned an article on CUBI and its differences from BIPA.