The Lyon Firm is reviewing class action BIPA claims and investigating privacy violations on behalf of plaintiffs nationwide.
Consumers and workers have filed numerous complaints, alleging that social media and tech companies, as well as employers, have violated their right to privacy by collecting and selling their biometric data. As a result, lawsuits have been filed and companies have been hit with hundreds of millions in penalties.
The Biometric Information Privacy Act (BIPA), meant to regulate companies’ use of biometrics, is the cornerstone piece of legislation that has led to high-value class action personal privacy lawsuits.
BIPA claims accrue the first time a person’s biometric information is obtained by a particular entity, and not only that but the Illinois courts have decided that a claim under Illinois’ Biometric Information Privacy Act (BIPA) may accrue each time a private entity collects or discloses biometric identifiers (such as fingerprints and retina scans) without informed consent, as opposed to accruing only with the first collection or disclosure. Thus, damages awards can add up quickly for one or more plaintiffs and and creates severe consequences for employers.
Unlike earlier privacy protections, BIPA allows for a private cause of action for non-breach privacy violations with statutory damages against companies that collect, capture, purchase, receive, disclose, or disseminate biometrics.
The BIPA Illinois statute prohibits an entity from collecting biometric information unless it fulfills the following:
Biometric privacy laws stress the requirement to provide notice in writing and to obtain a written release from individual consumers and employees. BIPA Illinois also requires companies to make available a biometrics retention schedule, and prohibits profiting from such sensitive data.
Some of the more important provisions of biometric privacy laws include the following:
Lawmakers established the Illinois Biometric Information Privacy Act (BIPA) in 2008 in response to the growing use concern of biometric data misuse. Cases now include all kinds of alleged biometric technology, including multiple cases involving biometric time clocks and the unlawful collection of biometric identifiers.
According to the BIPA, biometric identifiers may include:
Under the privacy act, any person harmed by a privacy violation has a right of legal action. Plaintiffs may recover damages of $1,000, and for intentional or reckless violations, up to $5,000 in liquidated damages or actual damages, whichever is greater.
Settlements have been massive, and the courts continue to rule favorably for victimized plaintiffs in privacy cases. A federal court in California approved a $615 million settlement in a class action lawsuit against Facebook when the company allegedly collected users’ facial geometry without following BIPA requirements.
A judge in Illinois granted approval of a $92 million settlement involving alleged violations of the BIPA against TikTok for “harvesting and profiting” from plaintiffs’ geolocation information, personally identifiable information, and unpublished digital recordings.
Google agreed to pay $100 million to settle a class action lawsuit after the company allegedly violated the Illinois’ Biometric Information Protection Act (BIPA) through Photos’ “Face Grouping” feature.
Snap, the parent company of Snapchat, reached a $35 million settlement in a class action lawsuit that alleged the company’s filters and lenses features violated Biometrics Information Privacy Act (BIPA).
Contact The Lyon Firm for more information regarding biometric consent meaning, your privacy rights, or for a free BIPA class action consultation.
There is always the risk of data breaches or hacks leaking sensitive information to various dark webs or forums, with the potential for fraud or identity theft. Identity theft is a major concern, and if a cybercriminal obtains fingerprints, retina, facial, or voice data, they may pose a serious security threat. You can always change bank account numbers, but you can never change your biometrics.
Some personal information could also be abused by public or private entities for financial gain. Unethical marketers and advertisers also seek personal data to better target consumers.
Contact Joe Lyon to learn more about your privacy rights, and to file a claim following data privacy violations. The Lyon Firm works diligently to identify workplace data privacy violations, and represent plaintiffs in class action biometrics invasion of privacy cases. Joe Lyon works with leading law firms across the country, and engages multi-national corporations in various negligent security cases.
Victims of privacy violations may face a serious risk of identity theft, and may seek compensation from employers or companies who violate their privacy rights. Data Privacy cases often involve hundreds or thousands of individuals and plaintiffs can be rewarded with large settlements.
The Lyon Firm is currently involved in Class Action Data Breach & Data Privacy litigation and offers free, confidential consultations to plaintiffs nationwide. Contact us for an invasion of privacy or data theft case review.
Without personal data privacy violation class actions, large corporate defendants would be able to cause small amounts of harm over a large group of individuals without any risk of monetary penalty. By holding companies accountable for safely storing your personal information, every consumer will have more control over how their data is used in the future.
A recent privacy bill in Maryland proposes that a biometric identifier is defined as “data of an individual generated by automated measurements of an individual’s biological characteristics.” This could include fingerprints, voiceprints, DNA, retina or iris image, or any other unique biological characteristic used to uniquely authenticate an individual’s identity.
Under current privacy law the firm or organization that is storing user data are responsible for data breaches and will pay any fines or damages that are the result of legal action. The actual data holder—an organization that provides cloud storage—is not usually legally implicated or held responsible in litigation.
The majority of BIPA lawsuits are filed against employers who utilize biometric timekeeping systems with fingerprint or facial recognition scans, and collect the employee biometric data.
BNSF was found guilty of violating the privacy of 45,000 truck drivers, and plaintiffs were awarded $228 million. BNSF was found guilty of violating Illinois the Biometric Privacy Act (BIPA) after they were accused of using a fingerprint system that allowed drivers to access railyards for pickups and drop-offs, but did not obtain written consent.
Motorola, Clearview AI and Vigilant are facing legal action for allegedly collecting mugshots that were used by law enforcement. Microsoft, Amazon, Alphabet, and FaceFirst Inc. are alleged to have violated privacy laws by collecting photos for facial recognition data from the website, Flickr.
A proposed class action alleges Ring, LLC has failed to protect the privacy of its motion-activated cameras and the personal information of its customers. The complaint alleges Ring’s devices are rife with security vulnerabilities, which may compromise the personal data of existing and future customers.
Cyber criminals may have the potential to hack into Ring devices and home networks. The lawsuit aos brings to light the fact that Ring has shared users’ personal identifying information with third parties without first obtaining prior consent. The complaint says the devices are not well-equipped to deal with potential hacks.
Plaintiffs in the case want Ring to take additional security measures to protect the privacy of user accounts and installed devices, as well as stop sharing personal data without clear and informed consent.
Reports have surfaced that several user accounts and devices were hacked, and plaintiffs argue the company was late in addressing security issues.
Beyond the security issues, Ring permits third parties to track users, raising eyebrows from consumer safety and data privacy advocates.
Octapharma agreed to pay $10 Million to settle a class action lawsuit regarding fingerprint scans of plasma donors, which violated the Illinois biometric privacy law.
The GIPA (Genetic Information Nondiscrimination Act) is a statute that expands on privacy laws, originally drafted under the Health Insurance Portability and Accountability Act (HIPAA). This act is largely concerned with the privacy of Americans’ genetic information. GIPA includes requirements applicable to genetic testing companies, health care providers, business associates, insurers, and employers.
Only a few states currently have biometric data privacy laws, though some pending bills are making their way for approval. Illinois, Texas, and Washington currently have biometric privacy laws, with many lawsuits being filed citing violations described in the Illinois statute.
Another biometric privacy bill has been introduced by South Carolina, called the Biometric Data Privacy Act (BDPA). The BDPA incorporates existing biometric privacy statutes along with a broader range of protections. Violations may result in individuals being able to recover $1,000 in statutory damages per negligent violation and $10,000 per intentional or willful violation. The BDPA requires companies to adhere to the following:
The National Biometric Information Privacy Act of (NBIPA) has been pending in the U.S. Senate since August 2020. NBIPA requires informed written consent prior to collecting or capturing biometrics, and also imposes retention, disclosure, and destruction requirements. NBIPA also provides a private right of action for violations, with statutory damages of $1,000 or $5,000.
Yes, but consent is required to use a person’s biometrics.
Meta Platforms, the parent company of Facebook, said it was ending the facial recognition system it used to identify people in posted images. The company is trying to limit a public relations crisis on several fronts and facial recognition has become an increasingly toxic concept .
Meta’s facial recognition tech decision follows Microsoft Corp. and Amazon.com Inc., both of whom restricted the use of their facial recognition by law enforcement agencies. Several municipalities in the U.S. have passed legislation limiting use of facial recognition technology, and privacy attorneys are calling for further restrictions which can easily be abused by private companies.
Last year, Facebook paid $650 million to users whose biometric information had allegedly been compiled without proper consent.
Meta said it is deleting its database of facial profiles but kept its underlying facial recognition algorithm.
A voiceprint is a unique biometric identifier. Voice recognition technology can identify specific individuals when a voice sample is saved by a company for various reasons.
Walmart is facing an Illinois biometrics privacy law class action in which the retailer is accused of improperly recording and tracking the “voiceprints” of workers at warehouses.
Walmart, and other large retailers, use voiceprints and voice technology in their fulfillment and distribution centers. Voiceprints, however, are considered biometrics, and subject to the Illinois Biometric Information Privacy Act (BIPA). The collection and storage of voiceprints is the primary issue, and plaintiffs say these ought to be destroyed.
Walmart allegedly violated the BIPA law by failing to obtain written authorization from workers before requiring them to scan their voiceprints.
The lawsuit argues Walmart did not provide necessary notices to workers, such as how the company would use the voice records, or how they would be saved, shared, or ultimately deleted from company systems.
Filing Class Action lawsuits is a complex and serious legal course and can carry monetary sanctions if proper legal course is not followed. The Lyon Firm is dedicated to assisting injured plaintiffs work toward a financial solution to assist in compensating for privacy violations or other damages sustained.
We work with law firms across the country to provide the most resources possible and to build your data privacy case into a valuable settlement. The current legal environment is favorable for workers and consumers involved in data privacy class actions.