Legal Brief: More Major Companies Fighting Illinois Biometrics Law

Dec. 12, 2019
Lowe's and Home Depot join Facebook as defendants in lawsuits over the use of facial recognition
Timothy J. Pastore, Esq., is a Partner in the New York office of Montgomery McCracken Walker & Rhoads LLP (www.mmwr.com), where he is Vice-Chair of the Litigation Department. Before entering private practice, Mr. Pastore was an officer and Judge Advocate General (JAG) in the U.S. Air Force and a Special Assistant U.S. Attorney with the U.S. Department of Justice. Reach him at (212) 551-7707 or by e-mail at tpastore@mmwr.com.
Timothy J. Pastore, Esq., is a Partner in the New York office of Montgomery McCracken Walker & Rhoads LLP (www.mmwr.com), where he is Vice-Chair of the Litigation Department. Before entering private practice, Mr. Pastore was an officer and Judge Advocate General (JAG) in the U.S. Air Force and a Special Assistant U.S. Attorney with the U.S. Department of Justice. Reach him at (212) 551-7707 or by e-mail at [email protected].

My September 2019 column, “Biometrics, the Law and Your Company” (www.securityinfowatch.com/21094070) described a legal fight being waged by Facebook over the one of the most stringent and robust privacy statutes in the country – the Illinois Biometric Information Privacy Act (“BIPA”) (740 ILCS/14 and Public Act 095-994). In particular, Facebook has been defending a class action for years involving the use of its facial recognition technology and the allegation that it runs afoul of the protections afforded to the public under BIPA.

A couple months later, Facebook now has company in the world of BIPA class actions – from major retailers Home Depot and Lowe’s.

On September 4, 2019, a group of plaintiffs – seeking to form a class – simultaneously filed nearly identical class action complaints against Lowe’s in Cook County Circuit Court in Chicago and against Home Depot in federal court in Atlanta. (Editor’s Note: This was the topic of an article by SecurityInfoWatch.com Editor Joel Griffin: www.securityinfowatch.com/21110872).

The allegations accuse Home Depot and Lowe’s of violating BIPA by “surreptitiously” scanning customers’ faces as they shop. The face scanning initiatives, alleged to have persisted for years (11 years according to the Lowe’s complaint), are claimed to track customers by the geometry of their face, even across multiple store locations. As a reminder, under BIPA, private entities, such as these retailers, are not permitted to “collect, capture, purchase, receive through trade or otherwise obtain a person’s or a customer’s biometric identifier or biometric information” unless they follow certain procedures – such as obtaining prior notification and consent and developing a publicly available, written policy governing how long any biometric data will be retained. Here, the allegations are that Home Depot and Lowe’s failed to obtain customer consent and failed to disclose how the collected biometric data is maintained and how it will be destroyed.

Not only is the face scanning done without consent, but the plaintiffs in these actions assert that these purported loss prevention initiatives are willfully concealed. In the old days before BIPA, concealed loss prevention techniques would make perfect sense. Think about it – do retail stores want you to know they are watching you and tracking your every move to protect against theft? No; however, the deployment of these facial recognition technologies and the evolution of statutory and common law has changed the dynamic. BIPA, for example, mandates that catching the bad guys cannot come at the expense of violating the privacy rights of the good guys. Damages under BIPA range from $1,000 for each negligent violation to $5,000 for each intentional or reckless violation. That adds up significantly when you consider, for example, that Home Depot has approximately 76 stores in Illinois – with hundreds of thousands or millions of repeat customers.

Nevertheless, there are some favorable signs for companies like Facebook, Home Depot, Lowe’s and others. Indeed, some BIPA decisions have favored the defense:

  • In 2017, in a case known as Santana v. Take-Two Interactive, the Second Circuit Court of Appeals held that NBA 2K players lacked standing to pursue BIPA claims because they suffered no actual injury or harm by the video game’s collection and retention of their face scans.
  • In late 2018, the U.S. District Court for the Northern District of Illinois in Rivera v. Google dismissed a BIPA lawsuit against Google based on an absence of any concrete injury resulted from its image collection.

These cases demonstrate that some courts will require plaintiffs to show concrete injury – not mere procedural or technical violations of BIPA. Facebook is making this argument without success so far. If Lowe’s and Home Depot can demonstrate that, despite technical violations of BIPA, their customers suffered no actual harm, then this will be a significant legal victory for these companies and an opportunity to escape the risk of substantial damages.

Meanwhile, as you shop for lightbulbs, tools or building supplies this weekend, know that someone is watching, that your face is being measured, and that you should keep smiling!

Timothy J. Pastore, Esq., is a Partner in the New York office of Montgomery McCracken Walker & Rhoads LLP (www.mmwr.com), where he is Vice-Chair of the Litigation Department. Before entering private practice, Mr. Pastore was an officer and Judge Advocate General (JAG) in the U.S. Air Force and a Special Assistant U.S. Attorney with the U.S. Department of Justice. Reach him at (212) 551-7707 or by e-mail at [email protected].

About the Author

Timothy J. Pastore, Esq.

Timothy J. Pastore Esq., is a Partner in the New York office of Montgomery McCracken Walker & Rhoads LLP (www.mmwr.com), where he is Vice-Chair of the Litigation Department. Before entering private practice, he was an officer and Judge Advocate General (JAG) in the U.S. Air Force and Attorney with the DOJ. [email protected]  •  (212) 551-7707

Meet Timothy J. Pastore

Timothy J. Pastore, Esq., is the newest columnist to join the Security Business magazine family. He is a Partner in the New York office of Montgomery McCracken Walker & Rhoads LLP (www.mmwr.com), where he is Vice-Chair of the Litigation Department. 

Before entering private practice, Mr. Pastore was an officer and Judge Advocate General (JAG) in the U.S. Air Force and a Special Assistant U.S. Attorney with the U.S. Department of Justice. As a JAG, in particular, Mr. Pastore was legal counsel to the Air Force Security Forces and Air Force Office of Special Investigations.

Mr. Pastore has represented some of the largest companies in the security industry, including Protection One, Comcast, Charter, Cox, Altice, Mediacom, IASG, CMS and others. He regularly provides counsel on risk management, contracting, operations, licensing, sales practices, etc. Mr. Pastore also has served as lead counsel in courts throughout the country in dozens of litigation matters involving the security industry.

Among other examples, Mr. Pastore led the successful defense at trial of cable giant Comcast in a home invasion case in Seattle, Washington. The case received significant press attention and was heralded by CVN as a top-ten defense verdict.

Mr. Pastore is a graduate of Bucknell University and Boston College Law School.

Reach him at (212) 551-7707 or by e-mail at [email protected].