Biometric data privacy law liability limited for tech providers, pre-empted by union agreements

The frequency of class actions alleging biometric data privacy violations and scope of liability exposure have increased since the landmark ruling by Illinois Supreme Court on standing in 2019, but several successful lines of defense have also emerged for defendants.
David J. Oberly of Blank Rome’s Biometric Privacy, Privacy Class Action Defense, and Cybersecurity & Data Privacy groups writes for Bloomberg Law that employers of unionized workers are increasingly using preemption to have Illinois federal courts dismiss suits under the Biometric Information Privacy Act (BIPA).
Recent examples of this defense tactic include Carmean v. Bozzuto Mgmt Co., which was dismissed because the collective bargaining agreement (CBA) between the employer and union is pre-empted by the Labor Management Rights Act (LMRA). Similar rulings include Frisby v. Sky Chefs Inc., Miller v. Southwest Airlines Co., and Peatry v. Bimbo Bakeries Inc..
A lawsuit filed against Envoy Air Inc. has been split into those before the plaintiff was covered by a CBA and those after, with the former dismissed, reports Bloomberg Law in a separate article.
Technology provider not liable
An Illinois’ federal court has dismissed a suit against biometric technology supplier Hanwha Techwin America, accepting its arguments that the plaintiff did not allege the company had anything to do with the implementation after making the cameras involved, or that it stores any of the plaintiff’s information, according to The National Law Review.
The active party, and therefore the only one with BIPA liability, is T.J. Maxx, the retailer where Hanwha Techwin’s cameras were deployed, not the third-party technology provider.
Database use makes Macy’s liable, plaintiffs argue
Plaintiffs in a biometric data privacy suit against Macy’s want the company included in multi-district litigation, suggesting that the precedent set in Bryant v. Compass Group establishes legal standing, Law360 reports.
The plaintiffs countered the company’s argument that since they do not allege having visited a Macy’s store, they cannot allege biometric data possession or processing by the retailer, with the claim that by using Clearview’s database of biometrics scraped from internet images, it accessed their personal data.
Judge Sharon Johnson Coleman recently refused to grant an injunction against Clearview to block the company from distributing their personal data.
Article Topics
biometric data | biometrics | BIPA | Blank Rome | Clearview AI | data protection | lawsuits | legislation | privacy
Comments