Duane Morris Privacy Class Action Review – 2024

lead to billions in damages when considering the Illinois Supreme Court’s decision in Cothron, et al. v. White Castle Systems Inc., which held that a separate claim accrues each time a person’s biometric data is scanned or transmitted. EWF argued that the possibility of significant damages in the case was a barrier to class certification because it gave class members an incentive to pursue individual litigation, created difficulties for the court in managing individualized damages determinations, and posed due process concerns. The court disagreed. It opined that the possibility that some individual class members would prefer to litigate their claims individually was a mere hypothesis as this stage and that the awarding of damages would be easily managed through the application of a standardized per-scan damages award. The court also rejected EWF’s argument that a class should not be certified because the case may potentially result in a damages award of more than $10 billion, which would violate EWF’s due process rights. The court held that under Seventh Circuit precedent, the potential for massive class-wide damages did not render class certification inappropriate. The plaintiffs, a group of Amazons fulfillment center associates in Gorgas, et al. v. Amazon.com, Inc ., 2023 U.S. Dist. LEXIS 109556 (N.D. Ill. June 23, 2023), filed a class action alleging that the defendant violated the BIPA by using cameras to collect facial geometry scans of employees. The defendant moved to dismiss the plaintiffs’ claims, and the court denied the motion. The plaintiffs alleged that the defendants stored, used, profited from, and disclosed these scans without proper consent in violation of Sections 15(a)-(d) of the BIPA. The defendant required workers to have electronic images of their faces taken for identification badges, which were stored in the defendant’s databases. The plaintiffs alleged that the defendant used, marketed, and sold Rekognition, an image-recognition software, to third parties and that the software was in thousands of cameras installed throughout the defendant’s facilities to identify, detect, monitor, and track workers' movement and behavior for purposes such as loss prevention, quality assurance, and productivity monitoring. The court held that the plaintiffs sufficiently alleged possession and collection of biometric data by providing specific details about the use of cameras, facial recognition software, and the purposeful tracking of employees. The court also found the plaintiffs’ allegations regarding disclosure or dissemination plausible, and therefore denied the defendant’s motion to dismiss. In Daichendt, et al. v. CVS Pharmacy, Inc. , 2023 U.S. Dist. LEXIS 89451 (N.D. Ill. May 4, 2023), the plaintiffs alleged that defendant CVS violated the BIPA in connection with CVS Pharmacy's passport photo-taking practices, which involve a photo system that allegedly photographs an individual for a passport or other ID and then scans the person’s face to ensure the photos meet head size, facial expression, and eye position requirements. The court dismissed the plaintiffs’ initial complaint, finding that the consumers failed to allege CVS could use the facial data it collected to identify them, which the court characterized as being "the most foundational aspect of a BIPA claim." Id . at *1-2. But the court held that their amended complaint cured that deficiency, as the plaintiffs now alleged that they entered their names, email addresses, and phone numbers into a CVS computer terminal before having their faces scanned. The court rejected CVS's contention in its second dismissal bid that there was a difference between identifying biometric identifiers and detecting certain facial features. While the court agreed with CVS that the photo system's output addressed non-identifying features ( e.g. , whether eyes are closed or open; whether mouths are closed and/or smiling), the court concluded that the relevant inquiry is whether CVS’s “photo system collects or stores plaintiffs' identifying biometric data during the process of verifying plaintiffs' features.” Id. at *2. The court concluded that plaintiffs plausibly alleged that the system did and agreed with the plaintiffs’ argument “that to determine whether a user's eyes are open or closed, or whether that person's mouth is closed or smiling, the passport photo system would necessarily have to scan the individual's face.” Id. In Robinson, et al. v. Lake Ventures LLC , 2023 U.S. Dist. LEXIS 156296 (N.D. Ill. Sept. 5, 2023), the plaintiffs, a group of grocery employees, filed a class action alleging that the defendant violated the BIPA by collecting and storing their biometric information without their consent. The plaintiffs were warehouse workers at the defendant ’ s distribution center in Illinois, and claimed that the defendant used the Vocollect system, which collects voice recordings for real-time communication in their workplace to create voice templates for worker identification. The plaintiff asserted that the defendant required workers to create

12

© Duane Morris LLP 2024

Duane Morris Privacy Class Action Review – 2024

Made with FlippingBook - professional solution for displaying marketing and sales documents online