Jail for biometric data privacy violations in Baltimore? More class actions settled for millions
There is nothing to say that the United States has to have a coherent set of standards for the use of biometrics. Or, for that matter, that any states must create a legal foundation for systems use.
Most industry executives and developers assume clarity will come eventually, one way or another, and are capitalizing on the present rulessness. But what if adults do not step in to provide some consistency?
It could look like the last three weeks, when a major American city prepared to make biometric data privacy violations jailing offenses. Bracketing that July development, major companies including Hyatt, Topgolf and Walmart found themselves either facing new court challenges or paying to end past grievances.
It is notable that systems buyers are most often on the hook for damages. At the moment, uncounted lawsuits have been filed against buyers and not system makers.
(That is no solace for those who have been sued, including Paychex, ADP, Kronos, NovaTime Technology, Timeclock Plus and iSolved HCM. All have been sued for violating Illinois’ Biometric Information Privacy Act. Their situations are summarized here.)
On deadline, the mayor of Baltimore had yet to sign a bill that would prohibit virtually everyone in the city, with the exception of law enforcement agencies, from using facial recognition surveillance systems.
An analysis of the proposal by law firm Nixon Peabody indicates that individuals would be forbidden from obtaining, retaining, accessing or using information derived from biometric surveillances in Baltimore. The same prohibitions would cover the software itself.
Each day a violation occurs would be an individual offense, each subject to a maximum $1,000 fine and a year in prison.
Next to the threat of going to jail, even large cash settlements seem like mere inconveniences.
Hotelier Hyatt this month agreed to pay $1.6 million in Cook County, Ill., to settle a proposed class action related to BIPA. Publisher Law360 has reported that each claimant will get about $1,500.
A signed agreement has not been reached yet, according to Law360. A final hearing is scheduled for November.
Paychex, a large outsourcing office-services firm, also agreed to buy its way out of a class action, according to reporting by Top Class Actions. Almost $3.4 million will be divided among anyone who has had their face, finger or iris scanned by one of the company’s biometric time clocks between January 2014 and May 2021.
The time clock in question is one feature of Paychex’ service packages.
The situation is getting no better in the near future, according to an article by human resources industry publication HR Drive.
Its story spotlights the entertainment company Topgolf, accused by former employees of collecting and disclosing their biometric data, collected by a fingerprint time clock.
The U.S. District Court in the Northern District of Illinois ratified a settlement in which Topgolf executives denied the accusations, which involved abrogating BIPA provisions. About $2.6 million will be divided among the 2,600 class members.