Illinois Supreme Court rules White Castle may face billions in penalties for biometric data collection
The Illinois Supreme Court has ruled that fast food chain White Castle must face a lawsuit alleging the company repeatedly scanned the fingerprints of almost 9,500 employees without consent. The case could lead to the company being hit with billions in penalties. There are broader implications for companies in the edge computing ecosystem, as well.
Edge computing is playing a key role in an increasing number of biometric applications going beyond fingerprinting and into applications such as facial recognition. New processors, new edge AI algorithms and development tools are all playing a part in enabling biometric applications that have better performance and security than ever before. The White Castle case highlights the role vendors can play in offering systems that protect privacy — and also highlights the challenges they face in dealing with a wide variety of laws and regulations.
The court’s 4-3 decision is based on the Illinois Biometric Information Privacy Act (BIPA). Noncompliance with this law is met with fines of $1,000 for violations and a penalty of $5,000 if the violation is reckless or intentional. According to the law, companies must obtain approval before collecting biometric information, including fingerprints and retinal scans, from their employees or customers according to the law.
White Castle adopted biometric fingerprint systems to ensure accurate and secure clock-in and -out of their hourly employees. White Castle contended that they could only be taken to court for their original collection of employees’ fingerprints, and not for every instance the prints were scanned in order to enter a company computer system. However, the court said BIPA prohibits capturing or collecting biometric information without consent, and White Castle collected fingerprints every time workers used the computer system.
The lawsuit against White Castle returns to the U.S. appeals court to apply Friday’s decision. In a statement released by a spokesperson, the company said it was disappointed with the ruling and is considering its next moves.
James Zouras, the plaintiff’s lawyer, says the decision means companies must remember their legal obligations to keep information private.
“Hopefully, today’s decision will encourage employers and other biometric data collectors to finally start taking the law seriously,” he states in a Reuters report.
The court’s ruling follows a separate case decided two weeks ago, in which it held that plaintiffs have five years in hand to sue for BIPA violations. These rulings can open companies up to lawsuits regarding more violations of BIPA over a more extended period, leading to multi-billion dollar judgments and settlements.
For example, in 2020, Facebook paid $650 million to settle a BIPA class action involving using facial recognition software. In October, a jury made BNSF Railway Co pay $228 million for taking truck drivers’ fingerprints without consent.
The case in question is Cothron v. White Castle System Inc., which the Illinois Supreme Court heard on docket no. 128004.
Since 2017, approximately 2,000 lawsuits that allege BIPA violations have been filed, yielding a series of massive settlements and judgments. It remains to be seen how the case against White Castle will proceed and whether it could lead to multi-billion dollar penalties for the company. That said, the White Castle case could potentially lead to stricter biometric practices and policies among organizations to avoid potential damages.
Article Topics
biometric | computer vision | edge AI | facial recognition | lawsuit | regulation | White Castle
Comments