Smarte Carte, one of America’s largest providers of rentable
storage lockers at train stations, airports, amusement parks and other popular
locations, has beaten back a privacy class action lawsuit, after a Chicago federal
judge ruled the company didn’t violate a controversial Illinois biometric
privacy law by storing, without explicit advanced consent, fingerprints used by
patrons to open the lockers.
On Aug. 1, U.S. District Judge Sharon Johnson Coleman dismissed
a lawsuit brought by plaintiff Adina McCollough, an Illinois woman who claimed Smarte
Carte had violated her rights under Illinois’ Biometric Information Privacy Act
by requiring her to scan her fingerprint to operate a locker she rented at
Chicago’s Union Station, and not providing her with written documents detailing
how the company would store the print, and how and when the digital biometric
scan of her fingerprint would be destroyed.
McCollough had filed her lawsuit in March, asking the court
to certify a class of additional plaintiffs, potentially numbering in the
thousands, who had similarly used Smarte Carte’s biometrically secured storage
lockers at Union Station and other Illinois locations.
The lawsuit had requested the court order Smarte Carte to
pay unspecified statutory damages, as well as refund locker rental fees paid by
McCollough and other plaintiffs, plus attorney fees.
McCollough was represented in the action by attorneys Mark
A. Bugarelli and Ilan Chorowsky, of the Progressive Law Group, of Chicago.
However, Judge Coleman, drawing on a spate of recent
precedent concerning lawsuits over the storage and use of electronic personal
information, said McCollough failed to ever allege how exactly she was harmed
by the need to use her fingerprint to rent and operate the locker.
The judge said McCollough’s case was particularly undermined
by the lack of any evidence, or even allegations from her, that her biometric information
was ever at risk of being disclosed or obtained by anyone else, for any other
“How can there be an injury from the lack of advance consent
to retain the fingerprint data beyond the rental period if there is no
allegation that the information was disclosed or at risk of disclosure?”
Coleman wrote. “It was simply retained.”
Coleman particularly referenced the U.S. Supreme Court’s
recent Spokeo decision, in which the nation’s high court similarly found a
procedural violation of a law, such as Illinois’ BIPA, doesn’t automatically
allow individuals to sue companies that may have broken the law; there must be
an injury under the law, the judge said.
In this case, without any allegation that she or others were
harmed by the retention of fingerprints beyond the period for which a locker
was rented, or by the failure to provide the notice or secure advanced consent,
McCollough did not have legal standing to continue with her lawsuit, the judge
The judge dismissed the case, but did so without prejudice
concerning McCollough’s state law claims, meaning she could still introduce a
similar action in Cook County Circuit Court, if she so chose.
Smarte Carte, based in St. Paul, Minn., was defended in the
action by the firm of Vedder Price P.C., of Chicago.
The decision comes amid a flurry of other similar cases alleging
violations of the BIPA now pending in federal courts against other businesses.
Defendants in those cases range from some of the world’s biggest social media brands,
including Facebook, to local franchisees for tanning salons, which use biometric
information to administer customer rewards programs.
In response to some of those other cases, the defendant
companies have similarly argued plaintiffs cannot actually demonstrate how they
were harmed by the use and storage of fingerprints or other biometric
Critics have characterized as “opportunistic” such lawsuits
under the Illinois law, which was passed in 2008, but only recently gained
attention when the first lawsuits began rolling into Chicago’s federal courts
about a year ago.