Biometric privacy suit against Onfido not eligible for arbitration, judge rules

Onfido’s attempt to have a claim against it under Illinois’ Biometric Information Privacy Act (BIPA) sent to arbitration has been rejected by a federal judge in the state, Law360 reports.

The company had argued in a motion to stay and compel arbitration that as a third-party contractor of online marketplace OfferUp, for which Onfido provides identity verification for its “TruYou” feature, an arbitration provision in OfferUp’s terms of service applies to it. OfferUp user Fredy Sosa is suing Onfido in a proposed class action for violating the informed consent requirements of BIPA before collecting and processing his face biometrics, and failing to provide a biometric data retention schedule and destruction information.

U.S. District Judge Marvin E. Aspen ruled against its motion to that effect, saying it ignores the plain text of the provision in question. On the judge’s reading, the provision includes no mention of arbitrating disputes between users and third-party providers, so Onfido is not an intended third-party beneficiary of the terms.

The company had also argued that it is established as an agent of OfferUp by the terms of service and the plaintiff’s allegations, but the judge ruled that the record does not establish a principal-agent relationship between Onfido and OfferUp which would allow the latter to control the former’s activities,  or allow Onfido to conduct legal transactions in the name of OfferUp.

The suit was originally filed in June, and also refers to Onfido’s “known faces” capability, which may be an attempt to widen the scope of the class.

Insurer claims BIPA suit coverage excluded because no unlawful disclosure alleged

An unlawful disclosure of biometric data would be required to trigger insurance policy coverage of a biometric privacy suit against a MacDonald’s franchise, according to American Family Mutual Insurance Co., which holds the policy in question. The company has requested summary judgement in its favor in a suit it has brought against the fast-food franchise in Aurora to free it from BIPA-related claims.

The insurer argues that the policy’s “violation of statutes” exclusion prevents coverage of BIPA violations, as well as employment practices, which includes illegal sharing of employee biometrics. The policy held by franchise owner Schmitt South Eola LLC rather applies to published information and advertising injuries, American Family arguers.

The franchisee argued in August that American Family had identified the wrong insurance policy in its claim that the proposed class action is not covered by the policy. The insurer has filed its contention that the policy MacDonald’s indicates is not relevant, as the underlying BIPA suit does not allege improper distribution of the employee’s biometric data.

American Family has also filed a similar suit against over a dozen other MacDonald’s franchises in Illinois, according to Law360.

Insurers need to keep abreast of the development of state laws imposing requirements for protecting biometric data, according to an editorial in PropertyCasualty360 by Argo Pro VP and Chief Underwriting Counsel Ted Stefas.

Stefas notes that Alaska, Arizona, Connecticut, Delaware, Florida, Idaho, Massachusetts, Michigan, Montana, New Hampshire, New Jersey, New York and Rhode Island have biometric privacy legislation pending, and provides a list of five questions for brokers to ask clients about their exposure.

American Airlines hit with large-scale employee lawsuit

An employee of American Airlines subsidiary Envoy Air is suing in Cook County Circuit Court on grounds the airline failed to satisfy BIPA’s informed consent and retention schedule disclosure requirements when it collected her fingerprint and palmprint biometrics as part of its time and attendance tracking system, according to another Law360 article.

Plaintiff Maysoun Abudayyeh claims the company did not provide any information to employees when the biometric modality used in its employee management system was changed from fingerprints to palm images.

The suit involves a potential class of more than 1,000 members, according to the suit.

The airline has a collective bargaining agreement with its employees, and such agreements have pre-empted some BIPA suits, but the plaintiff notes that the complaint refers to a period of time before it was in place.

Article Topics

biometric data  |  biometrics  |  BIPA  |  data protection  |  facial recognition  |  identity verification  |  legislation  |  Onfido  |  privacy