Mitek accused of biometric data privacy violations as BIPA settlements look good for lawyers

A potential class action lawsuit has been filed against Mitek alleging the company failed to meet the informed consent requirements of Illinois’ Biometric Information Privacy Act (BIPA) when authenticating users of the HyreCar app with selfie biometrics.

Named plaintiff Joshua Johnson claims to have uploaded a photo of his driver’s license and a selfie to be verified for onboarding to HyreCar, the Cook County Record reports. From this initial check, a biometric template was stored for future identity verification, according to the complaint.

The plaintiff alleges that Mitek is obligated to provide information, including data retention schedules, and obtain informed consent from its clients’ customers before collecting, processing and storing their biometrics. The suit seeks to include the users of any service with identity verification from Mitek, a potential class estimated at least in the hundreds. No estimate is provided for how many clients use Mitek in Illinois.

The Record suggests that following the earlier wave of lawsuits targeting employee time and attendance systems, more complaints are being filed about different applications, including identity verification, retail AI, and worker tracking systems.

In the latter category, a suit has also been filed against Maverick Transportation and Lytx for alleged BIPA violations related to a driver monitoring system, writes the Madison-St.Clair Record.

Lytx provides a video telematics and fleet management system to Maverick, which allegedly gathers the face geometric data and biometrics from drivers without their consent, and without providing a data retention schedule. The suit targets both companies, but says Lytx’ technology is used by 4,000 fleets across America.

In the Southern District of New York, meanwhile, a suit has been filed alleging violations of the Computer Fraud and Abuse Act, the Video Privacy Protection Act, and state consumer data protection laws by social network and video-sharing app Triller, writes Law.com Radar. The lawsuit alleges Triller collected biometric data from users without their consent.

Settlements and attorneys’ fees

The division of a settlement with Hyatt Hotels in another Illinois biometric data privacy suit is drawing some attention for the proposed lawyers fee of $427,000, or nearly 40 percent of the total, Cook County Record writes separately.

The fees contrast with the $1,500 that would be awarded to each plaintiff in the $1.1 million settlement. Named plaintiff Robin Rapai would receive an additional $12,500.

Hyatt has not admitted to wrongdoing, but agreed to comply with BIPA requirements as part of the deal. The settlement could be approved at a January 20 hearing.

In a $6 million settlement agreed to by BioLife for allegedly collecting the fingerprints of plasma donors without the requisite disclosures and consent, attorneys are seeking up to 35 percent, or $2.1 million, according to another Cook County Record article.

Tens of thousands of donors could be eligible for payments of between $500 and $800 each. The amounts also differ depending on whether the alleged offense occurred before BioLife updated its consent forms in March, 2020, with those donating after that receiving about 11 percent of the net funds, and eligible for payouts between $53 and $88.

The settlement amount is similar to that by Octapharma, which began moving towards a $10 million settlement in late-2021, which would pay out $400 to $800.

Article Topics

biometric data  |  Biometric Information Privacy Act (BIPA)  |  biometrics  |  data protection  |  face biometrics  |  lawsuits  |  legislation  |  Mitek  |  onboarding  |  privacy