Claims scope decision in White Castle’s biometric data privacy suit could cost businesses billions

The biometric data privacy case Cothron v. White Castle Sys. Inc. could set a precedence for whether claims under Illinois’ law accrue with subsequent violations, or are made up only of the first instance of a particular violation.

The assessment of the potential impact of the case is made by Bloomberg Law, drawing on the opinion of Squire Patton Boggs Senior Associate Kristin Bryan.

Bryan says that billions of dollars in claims could potentially hinge on the decision, as the language in Illinois’ Biometric Information Privacy Act (BIPA) specifies monetary damages per violation, ranging from $1,000 to $5,000 each.

The suit was brought by Cothron in 2018, when she was a White Castle employee, alleging violations in the application of a biometric time and attendance system put in place around 2007.

Judge John J. Tharp Jr. of the Northern District of Illinois ruled last year that Cothron’s allegations include multiple timely violations, saying the decision is based on BIPA’s “clear text.”

Despite BIPA passing in 2008, many basic elements of the statute are still being interpreted, the article notes.

The Seventh Circuit Court of Appeals is expected to uphold the district court ruling, reverse it, or send it to the Illinois Supreme Court.

Bryan also points out that the ruling could impact interpretations of other statutes, like the California Consumer Privacy Act, which provide for liquidated damages.

Businesses and their representatives warn that if each clock-in is counted as a separate violation, damages could multiply rapidly.

“It could transform a statute that already has a robust statutory damages element into something that’s crushing and disproportionate,” said Meredith Slawe, co-chair of Cozen O’Connor’s class action practice, who filed an amicus brief representing the Retail Litigation Center Inc. and the Restaurant Law Center. “You’re potentially instituting catastrophic liability on businesses operating in good faith.”

White Castle previously argued that employee claims under BIPA are pre-empted by the Illinois Workers’ Compensation Act, a contention rejected in district court.

Wendy’s settles

Possibly heading off a potential increase in the scope of its liability, the owner of 39 Wendy’s stores has settled an alleged violation of BIPA involving a biometric time and attendance system. The $5.85 million settlement with an estimated class of 9,722 employees was approved by a Cook County Judge, Law360 reports.

The settlement amounts to just over $600 per class member, or $384 net, where it to cover all employees. Three lead plaintiffs have been awarded $7,500 each.

The ownership group, All-Star Management Inc., denies any wrongdoing in the settlement agreement.

Article Topics

biometric data  |  Biometric Information Privacy Act (BIPA)  |  biometrics  |  data collection  |  data protection  |  lawsuits  |  privacy  |  time and attendance