Smarte Carte, one of America’s largest providers of rentable storage lockers at train stations, airports, amusement parks and other popular locations, has beaten back a privacy class action lawsuit, after a Chicago federal judge ruled the company didn’t violate a controversial Illinois biometric privacy law by storing, without explicit advanced consent, fingerprints used by patrons to open the lockers.
On Aug. 1, U.S. District Judge Sharon Johnson Coleman dismissed a lawsuit brought by plaintiff Adina McCollough, an Illinois woman who claimed Smarte Carte had violated her rights under Illinois’ Biometric Information Privacy Act by requiring her to scan her fingerprint to operate a locker she rented at Chicago’s Union Station, and not providing her with written documents detailing how the company would store the print, and how and when the digital biometric scan of her fingerprint would be destroyed.
McCollough had filed her lawsuit in March, asking the court to certify a class of additional plaintiffs, potentially numbering in the thousands, who had similarly used Smarte Carte’s biometrically secured storage lockers at Union Station and other Illinois locations.
The lawsuit had requested the court order Smarte Carte to pay unspecified statutory damages, as well as refund locker rental fees paid by McCollough and other plaintiffs, plus attorney fees.
McCollough was represented in the action by attorneys Mark A. Bugarelli and Ilan Chorowsky, of the Progressive Law Group, of Chicago.
However, Judge Coleman, drawing on a spate of recent precedent concerning lawsuits over the storage and use of electronic personal information, said McCollough failed to ever allege how exactly she was harmed by the need to use her fingerprint to rent and operate the locker.
The judge said McCollough’s case was particularly undermined by the lack of any evidence, or even allegations from her, that her biometric information was ever at risk of being disclosed or obtained by anyone else, for any other use.
“How can there be an injury from the lack of advance consent to retain the fingerprint data beyond the rental period if there is no allegation that the information was disclosed or at risk of disclosure?” Coleman wrote. “It was simply retained.”
Coleman particularly referenced the U.S. Supreme Court’s recent Spokeo decision, in which the nation’s high court similarly found a procedural violation of a law, such as Illinois’ BIPA, doesn’t automatically allow individuals to sue companies that may have broken the law; there must be an injury under the law, the judge said.
In this case, without any allegation that she or others were harmed by the retention of fingerprints beyond the period for which a locker was rented, or by the failure to provide the notice or secure advanced consent, McCollough did not have legal standing to continue with her lawsuit, the judge said.
The judge dismissed the case, but did so without prejudice concerning McCollough’s state law claims, meaning she could still introduce a similar action in Cook County Circuit Court, if she so chose.
Smarte Carte, based in St. Paul, Minn., was defended in the action by the firm of Vedder Price P.C., of Chicago.
The decision comes amid a flurry of other similar cases alleging violations of the BIPA now pending in federal courts against other businesses. Defendants in those cases range from some of the world’s biggest social media brands, including Facebook, to local franchisees for tanning salons, which use biometric information to administer customer rewards programs.
In response to some of those other cases, the defendant companies have similarly argued plaintiffs cannot actually demonstrate how they were harmed by the use and storage of fingerprints or other biometric information.
Critics have characterized as “opportunistic” such lawsuits under the Illinois law, which was passed in 2008, but only recently gained attention when the first lawsuits began rolling into Chicago’s federal courts about a year ago.