We have previously reported on lawsuits raising novel claims and issues under the Illinois Biometic Privacy Act (Illinois Act), including pending class actions against Facebook. On December 1, a settlement was reached in a class action filed under the Illinois Act. In an Illinois state court action, a class will receive a total of $1.5 million to resolve claims asserting that a tanning salon franchise has improperly compiled and used members’ fingerprint biometrics. Secura v. L.A. Tan, Ill. Cir. Ct., 2015-CH-16694.
Enacted in 2008, the Illinois Act requires companies to obtain consent before collecting biometric data and to inform how the data will be managed. It allows for private causes of action for alleged violations.
In the settled lawsuit, the plaintiffs sought relief based upon allegations that the franchisor’s national membership database uses fingerprint scans to identify customers and allow them to use memberships at various locations. Under the settlement, the payout will be $125 per individual salon member in the class. Although the payout per individual is modest, the settlement may have ramifications as more cases are brought under the Illinois Act and companies must assess how the threat of class action payouts may influence their collection and use of biometric data. In a separate action, the plaintiffs have challenged an Illinois franchisee disclosure of such fingerprint data to a third-party vendor, which remains pending.
As more states consider and ultimately enact biometric data protection laws, questions will arise as to their scope and enforceability, particularly through regulatory oversight or private cause of action. Also, we will continue to monitor and report on the several pending class action lawsuits under the Illinois Act, as courts address issues such as standing to sue, class certification and the underlying merits of these claims raising novel and evolving biometric data concerns.