Biometric privacy cases churn on, but talk of legal reform gets louder
Amazon and beefery McDonald’s are separately involved in new class-action filings about their alleged violation of a U.S. state biometric privacy law. As it turns out, however, legislators might be ready to radically change the law to the benefit of data collectors.
The law in question is Illinois’ Biometric Information Privacy Act, which has given chest pains to business owners who record or have recorded employee and customer biometrics for attendance, security, fraud and other reasons.
McDonald’s case is weak enough that it might soon be dismissed, while the Amazon case could live on for years.
April 17, lawyers for McDonald’s requested a summary judgment in a case (1:21-cv-02906) filed by plaintiff Shannon Carpenter.
Carpenter claims he visited an Illinois McDonald’s in early 2020 and, apparently in a first for him, ordered his food using the restaurant’s AI speech-recognition voice assistant, reports Law360.
He maintains that his biometric privacy rights were violated because the global restauranteur did not adhere to BIPA requirements such as informing him about how his data would be managed. Nor was he required to give informed consent to use of his data.
McDonald’s says its software recognizes human speech, not the speech of a human. No identifying demographic data is collected to attach to biometric data and no voiceprint is created or received.
The Amazon case (2023-ch-03680), also spotted by Law360 (subscription required) and filed April 17 by Rodneka Perry, charges that Amazon’s fulfillment and delivery subsidiary, Amazon Logistics, requires independent contractors to verify their identity using facial recognition functions of Flex, Amazon’s job-service portal.
Beginning in 2018 and continuing at least through the date of her filing, Perry worked for Amazon Logistics, making deliveries with her personal vehicle in the Chicago area. She reportedly must scan her face before being allowed to work a shift.
Perry claims she did not give informed consent for the data collection.
All of it might be moot, as attorneys say.
Fifteen years after enactment, BIPA reform is a viable hope for businesses (though not for trial attorneys).
In the wake of a State Supreme Court decision that claims accrue with each instance of biometric data use, a coalition of business groups including the Chicagoland Chamber of Commerce, Illinois Manufacturers’ Association and associations representing state healthcare, retail and trucking sectors called for change.
According to multiple reports in Illinois, lawmakers are now ready to consider changes to the law.
Businesses have for years said BIPA will bankrupt some businesses and while it is not clear if that has happened, companies have suffered large financial penalties.
U.S. regional slider purveyor White Castle has become something of a galvanizing example. Unconfirmed reports indicate that the restaurant could be hit with $17 billion in damages.
Privacy advocates have said businesses and their technology vendors have known or should have known about the law. And an individual’s biometric privacy is at least commensurate with a business’ trade secrets, which are guarded zealously.