All Things Newz
Law \ Legal

Biometric Privacy Trends In The United States – Privacy Protection


The United States is seeing a surge in litigation over biometric
privacy rights. Most of this litigation is happening under state
law, and state attorneys general and private litigants have been
bringing lawsuits in record numbers. In particular, there has been
an uptick in class action litigation filed under the Illinois
Biometric Privacy Act (BIPA) (740 ILCS 14/1 et
seq
.).

In October 2022, the first BIPA case to go to trial concluded in
a jury verdict awarding $228 million to a group of truck drivers
who had sued BNSF Railway Co. (BNSF). When the truck drivers made
deliveries or pickups at BNSF’s facilities, their fingerprints
were scanned for identification purposes. They successfully argued
that this practice violated BIPA because BNSF failed to provide
them with prior written notice or obtain their prior written
consent.

BIPA authorizes private litigation to enforce its provisions.
The Illinois Supreme Court has held that plaintiffs only need to
show a violation of the statutory terms, and not that they suffered
any actual harm. Rosenbach v. Six Flags Ent. Corp., 2019
IL 123186, ¶ 28 (129 N.E.3d 1197, 1205, 432 Ill. Dec. 654,
662). In the absence of actual harm, BIPA provides for liquidated
damages of $1,000 for each negligent violation and $5,000
for each intentional or reckless violation, as well as
attorneys’ fees and costs. 740 ILCS 14/20.

In practice, defendants typically settle class actions like the
BNSF case rather than face a jury trial. BNSF’s decision to go
to trial was apparently influenced by the fact that a third-party
service provider, and not BNSF itself, scanned the truck
drivers’ fingerprints. At trial, BNSF argued that it had not
been negligent or reckless in retaining the service provider and
that it could not be held vicariously liable for the service
provider’s actions because the service provider was an
independent contractor.

The jury was not persuaded by BNSF’s arguments. It found
BNSF vicariously liable for 45,600 intentional or reckless
violations of BIPA, equal to the estimated number of drivers whose
fingerprints had been registered by an automatic gate system. The
judge entered judgment for damages in the amount of $228 million
(45,600 x $5,000).

Notably, the jury did not find that BNSF had violated BIPA each
time a driver’s fingerprints were scanned without written
notice or consent, but only upon the initial scan and registration.
There is another case currently sub judice before the
Illinois Supreme Court that will decide whether a BIPA claim
accrues each time a biometric identifier is scanned and transmitted
to a third party or only upon the first scan and transmission.
Cothron v. White Castle Sys., Inc., No. 128004, filed
pursuant to an order of certification from the U.S. Court of
Appeals for the Seventh Circuit, 20 F.4th 1156 (7th Cir. 2021). The
Illinois Supreme Court’s decision will establish the law going
forward but is unlikely to affect the jury’s finding in the
BNSF case.

Meanwhile, other BIPA cases continue to settle. The largest
settlement in a BIPA class action is still the $650 million
Facebook settlement. In re Facebook Biometric Info. Priv.
Litig.,
522 F.Supp.3d 617 (N.D. Cal. 2021). In that case,
plaintiffs alleged that Facebook’s “Tag Suggestions”
program identified their faces in uploaded photographs, resulting
in the collection and storage of their facial scans without prior
notice or consent.

The Facebook settlement has encouraged numerous class actions
and settlements. This year, BIPA lawsuits were filed against
7-Eleven, Amazon, Louis Vuitton, and others. Defendants who have
recently settled BIPA lawsuits include, among others, Google ($100
million), TikTok ($92 million), McDonald’s ($50 million) and
Snapchat ($35 million).

The recent surge in litigation has not been limited to BIPA
cases. In February of this year, the Texas Attorney General brought
that office’s first lawsuit under the Texas Capture or Use
Biometric Identifier Act (CUBI), suing Meta Platforms, Inc. (the
parent of Facebook and Instagram). The lawsuit against Meta
Platforms makes allegations similar to those in the BIPA class
action against Facebook. In October of this year, the Texas
Attorney General filed a similar lawsuit against Google, focused on
the Google Photos app and certain other software, including
voice-recognition software.

One reason for the growing number of lawsuits under U.S. state
law is that the United States does not have a comprehensive federal
privacy law. However, a U.S. federal agency, the Federal Trade
Commission (FTC), has been investigating the collection, storage
and use of biometric information under its authority to police
unfair and deceptive trade practices.

In January 2021, the FTC brought its first case alleging misuse
of facial recognition technology. In that case, the FTC alleged
that Everalbum, the operator of a photo storage and organization
app, misled consumers when it stated that it would not use facial
recognition technology unless the customer turned it on and that it
would delete customers’ photos and videos when they deactivated
their accounts. Everalbum settled quickly, agreeing to obtain
customers’ express consent going forward and to delete the
models and algorithms already developed through its facial
recognition technology. The settlement did not include any monetary
penalties.

Conclusion

Companies need to be vigilant in complying with biometric
privacy laws. Gartner, Inc., a leading technology consulting firm,
predicts that by 2024 the average annual budget for privacy
compliance at large companies will surpass $2.5 million, and that
by 2025 biometric privacy lawsuits will have resulted in $8 billion
in total penalties and settlements. These predictions seem credible
in light of the current litigation surge and the large settlements
that have already occurred.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.



Source link

Related posts

Residency Card Appointment Delays Until 2023 – Work Visas

FTC Proposes Change In Regulation, Enforcement Of Data Collection And Security – Privacy Protection

A Publication That Look Back At 25 Years Of EU Trade Mark Practices – Trademark