FB pixel

One of four US biometric privacy cases clearly protect a defendant

One of four US biometric privacy cases clearly protect a defendant

Court action in the U.S. state of Illinois continues to chip away at the definition of what constitutes a viable biometric information privacy lawsuit.

Unfortunately, that work overall is not exactly giving businesses shelter from suits. Four cases make that case.

There was a time when it was not clear if the maker of biometric scanners could be sued under the state’s Biometric Information Privacy Act along with, say, an employer who required workers to use the vendor’s hardware and software.

This month, a Cook County, Illinois, court gave final approval to a $3.5 million class-action settlement against Ceridian, maker of automated human resource products including fingerprint-scanning timeclocks.

An employee of Standard Market, a suburban Chicago grocery store, brought the case in 2019.

The legal publication Cook County Record says Ceridian is now in the company of other, similar firms including ADP and Kronos who have been successfully sued when their clients were taken to court for not adhering to BIPA rules.

Ceridian has promised the court that it will get written consent from employees of clients before collecting prints and create and make public biometric information management practices.

In a second case, an Illinois state appeals court has decided that businesses cannot wait to make public their rules for collecting and storing biometric data. The policies must be in place before data is collected, according to reporting by trade publication Law 360.

A former employer of J&M Plating, a metal finisher, filed a putative class action against the company in February 2021 claiming that the firm did not comply with BIPA strictures requiring data management practices.

J&M had initially convinced a judge that the plaintiff’s data was destroyed two weeks after he left the company without harm under BIPA. The Second District court disagreed.

BIPA is diminished as a tool to prevent some data misuse if businesses can delete data after the fact. If nothing else, stolen data is still stolen if it is not used to harm a person and can be used illegally at any point after a theft.

The third case is less of a clear-cut defining decision for BIPA.

In this one, a U.S. circuit court of appeals seems unconvinced that a third-party ID verifier should be governed by the arbitration provision of a car intermediary service. No decision has been made. The judges’ comments came during oral arguments, according to Law 360.

The defendant is facial recognition software maker Mitek Systems. Its attorneys are arguing it should be allowed to arbitrate the proposed class actions brought against it under BIPA.

The plaintiff’s face was scanned to verify his identity and age priory to providing access to Hyrecar, a car-sharing company that enables people to rent vehicles from individual owners so that the customers can then drive the cars for ride-sharing services like Lyft.

Hyrecar is not being sued.

Part of Hyrecar customers’ contracts requires them to arbitrate disagreements, including those with third-party “beneficiaries” like Mitek.

Pharmacy chain CVS, on the other hand, won a dismissal before a U.S. district judge.

The judge found that “the most foundational aspect of a BIPA claim” is absent in the case, according to Law 360. It did not prove that CVS used the plaintiffs’ passport photo scans (a CVS service) to ID them or that they gave the company information that could link them to the biometric data.

According to Law 360 reporting, the judge said that “their complaint contains no specific factual allegations” to make their case. “BIPA does not apply to defendant’s conduct here.”

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News


Cryptomathic is Belgium’s digital wallet mobile app security provider

Tech from Cryptomathic has been deployed in Belgium’s digital identity wallet, one of the first to go live in the…


Bringing ethics into the discussion on digital identity

A panel at EIC 2024 addresses head-on a topic that lurks around the edges of many discussions of digital ID….


Kantara Initiative launches group devoted to deepfake injection attack threats

“It’s probably not as bad as this makes it seem,” says Andrew Hughes, VP of global standards for FaceTec and…


Seamfix CEO makes case for digital ID as unlocker of Africa’s growth potential

The co-founder and Chief Executive Officer of Seamfix, Chimezie Emewulu, has posited that digital identity and related services have the…


Nigeria’s digital ID authority unveils new measures to uphold data security

The National Identity Management Commission of Nigeria (NIMC) has outlined new measures that align with its push to make data…


Data Zoo, Metalenz, Precise, Token, Tools for Humanity add executives

A handful of biometrics and digital identity providers have announced leadership team updates including new finance and technology executives at…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events