Lawsuit filed against retail giants in Illinois alleges biometric data privacy violations

A group of major retailers with stores in Illinois are facing a potential class action lawsuit alleging they violated the State’s biometric data privacy rules by contracting Clearview AI.

The Cook County Record reports that after their attempt to include a new set of retailers including Kohl’s, Walmart, The Home Depot and Best Buy in multi-district litigation against Clearview for the use of its facial recognition was rejected, plaintiffs filed a new suit in federal court.

The suit alleges that each retailer used Clearview’s biometric service to search faces captured on their surveillance cameras against the company’s database of images scraped from the internet.

The new allegations include claims under the Illinois’ Biometric Information Privacy Act’s rules on collecting informed consent from people before capturing their biometrics, providing a written policy on biometric data retention and destruction, profiting from people’s biometrics and disclosure or dissemination of biometric data. Those rules are covered in BIPA Sections 15 (a, b, c and d).

Further, plaintiffs say victims of the above violations also include their children, who are minors.

The retailers used Clearview’s technology and database “in order to identify people whose images appeared in surveillance footage obtained from Defendant’s retail stores in located within the State of Illinois,” they say. The Record suggests that detecting shoplifters was the retailers’ motivation.

The attempt to add the retailers to the existing MDL was disallowed because it was made too close to the September 26 discovery deadline, U.S. District Judge Sharon Johnson Coleman said in her opinion, which was posted by Law360. Johnson also noted that the move would shift the focus away from named defendant class representative Macy’s, with which they have no clear corporate connection.

“Equally important,” writes Coleman, “plaintiffs do not explain why Macy’s Inc. and its affiliates are inadequate named representatives nor do plaintiffs cogently explain why these additional defendants are necessary to their claims at this juncture, especially because they were aware that these retailers were Clearview’s clients before they filed the operative complaint in May 2021.”

The attempt would also have been vulnerable for being filed after the one-year statute of limitations had run out.

Those latter question is bound to arise in the newly-launched case as well.

Article Topics

biometric data  |  biometrics  |  BIPA  |  Clearview AI  |  data protection  |  facial recognition  |  lawsuits  |  retail biometrics  |  security  |  surveillance