The Illinois Supreme Court issued an opinion Friday in an ongoing case against White Castle in connection to the state’s Biometric Information Privacy Act (BIPA) that could potentially result in massive fines.
The opinion came after the U.S. Court of Appeals for the 7th District requested for the state’s highest court to certify whether BIPA claims accumulate with each biometric data scan or transmission that allegedly violates the law or just the first instance. The Illinoise Supreme Court ruling was 4-3.
WHITE CASTLE HIRING ROBOTS TO ‘GIVE THE RIGHT TOOLS’ FOR SERVING MORE ‘HOT AND TASTY FOOD’: VP
In the proposed class action case, the plaintiff sued White Castle on accusations the fast-food chain had “unlawfully collected her biometric data and unlawfully disclosed her data to its third-party vendor” without her consent for several years after implementing fingerprint-scanning for employee computer access, according to the Illinois Supreme Court document.
“We conclude that the plain language of section 15(b) and 15(d) shows that a claim accrues under the Act with every scan or transmission of biometric identifiers or biometric information without prior informed consent,” the Illinois Supreme Court said Friday the ruling.
In a statement, White Castle told FOX Business it was “deeply disappointed with the court’s decision and the significant business disruption that will be caused to Illinois businesses, which now face potentially huge damages.”
“We are reviewing our options to seek further judicial review, given the strong dissenting opinion, which included the Court’s Chief Justice,” the fast-food chain continued. “This dissent justifiably raises serious concerns about today’s opinion.”
Meanwhile, James Zouras, the attorney representing the plaintiff, told Reuters that “hopefully, today’s decision will encourage employers and other biometric data collectors to finally start taking the law seriously.”
FACEBOOK AGREES TO PAY RECORD $650M TO SETTLE FACIAL RECOGNITION LAWSUIT
Private entities are barred from “collect[ing], captur[ing], purchas[ing], receiv[ing] through trade, or otherwise obtain[ing]” someone’s biometric data without getting informed consent beforehand under BIPA. The law also puts restrictions on them “disclos[ing], redisclos[ing], or otherwise disseminat[ing]” such data without consent, among other provisions.
Negligent violations can come with $1,000 fines, according to the state law. For intentional or reckless violations, the penalties are $5,000 each.
White Castle contended alleged claims “can accrue only once – when the biometric data is initially collected or disclosed,” the majority opinion said.
“It will lead to consequences that the legislature could not have intended,” Illinois Supreme Court Justice David Overstreet argued about the majority opinion in the dissent. “Moreover, the majority’s interpretation renders compliance with the Act especially burdensome for employers.”
GOOGLE SUED BY TEXAS ATTORNEY GENERAL OVER ALLEGED BIOMETRIC DATA VIOLATIONS
White Castle said damages could be upwards of an estimated $17 billion “if plaintiff is successful and allowed to bring her claims on behalf of as many as 9500 current and former White Castle employees,” the majority opinion stated.
The case will return to the lower court.