Quantcast

Cook County judge: Walmart, other employers can't look to IL constitution for protection from biometrics class actions

COOK COUNTY RECORD

Thursday, November 21, 2024

Cook County judge: Walmart, other employers can't look to IL constitution for protection from biometrics class actions

State Court
Walmart

Illinois’ state constitution offers no escape valve for employers facing a blizzard of class action lawsuits, accusing them of violating a state biometrics privacy law by making employees scan finger or hand prints to punch the clock or enter a secure area, a Cook County judge has ruled.

On Oct. 25, Cook County Circuit Judge Pamela McLean Meyerson rejected a motion from Walmart, which was seeking to dismiss a class action lawsuit accusing it of violating the privacy rights of workers required to scan their handprints before handling money drawers for sale registers at its Illinois stores.

The company had attempted to argue the Illinois state constitution shouldn’t allow the class action to continue, because the plaintiffs bringing the lawsuit can’t prove the workers were ever harmed by the handprint scans and collection of their so-called biometric identifiers.

Judge Meyerson, however, said the company’s motion ran into a very high legal wall established by the Illinois Supreme Court earlier this year.

The lawsuit was brought in January by attorneys with the firm of Werman Salas P.C., of Chicago. The class action was brought on behalf of named plaintiff Ethan Roach. According to the complaint, Roach, of Madison County, near St. Louis, had worked at Walmart’s store in downstate Litchfield in various roles from early 2016-September 2017.

Among his roles, Roach allegedly was required to handle cash register drawers. However, when retrieving and returning those drawers, Roach and other similar employees were required by Walmart to scan their handprints.

The lawsuit acknowledged the biometric security procedure allows Walmart to better secure its cash registers and ensure only designated employees can handle the money-filled drawers.

However, Roach’s class action says the scans are still illegal under Illinois’ Biometric Information Privacy Act because Walmart did not first obtain written consent from Roach and other workers before scanning their handprints, and did not provide workers with written notices concerning how their biometric data would be collected, stored, used, shared and ultimately destroyed. They assert these notices and authorizations are required by the Illinois BIPA law.

The complaint has asked the court to order Walmart to pay $1,000-$5,000 per violation, as allowed under the BIPA law. Some observers have interpreted the law, in such cases, to define a “violation” of BIPA as each time an employee scanned a handprint, or other biometric identifier, into a system operated and maintained by an employer.

It is not known how many times a day Roach or other Illinois Walmart employees were required to scan their handprints while working for Walmart, nor how many Walmart employees in Illinois were required to scan a handprint.

The lawsuit against Walmart is one of hundreds of such lawsuits now pending in Cook County and other Illinois courts under the BIPA law. The majority of such lawsuits have targeted employers of all sizes and types, typically for requiring employees to verify their identity by scanning a fingerprint when punching in and out of work shifts, or when accessing secured areas, like drug storage closets at hospitals, or sensitive items, like cash register drawers filled with money.

The lawsuits have multiplied rapidly in 2019, in the wake of an Illinois Supreme Court decision making it easier for plaintiffs to defeat defendants’ motions to dismiss. Those challenges initially focused on the right of plaintiffs to bring lawsuits.

The companies that had been targeted by the class actions had asserted the plaintiffs couldn’t demonstrate they had actually been harmed by the biometric scans and data retention. While the complaints mentioned enhanced data privacy or security risks from such scans, the defendants argued the plaintiffs never had their identity stolen, nor was the data breached or left insecure in any way.

 Therefore, they argued, the plaintiffs had no standing to sue, because they only alleged “technical” violations of the law’s requirements.

Those arguments were largely shot down by the Illinois Supreme Court in January. In the case docketed as Rosenbach v Six Flags, the state high court said the technical violations were not harmless, but were “real and significant” injuries under the law. Therefore, the state Supreme Court said, the plaintiffs had standing to sue. The state high court justices also brushed aside concerns over the possibility of massive, crippling financial damages that could be ordered against employers.

In the Roach case vs Walmart, the world’s largest retailer attempted to shift the question over standing, arguing the question of standing in Illinois courts should be governed by the state constitution, and those standards “require more than an alleged violation of the specific procedural mandates of BIPA.”

Walmart again asserted Roach and other members of his plaintiffs’ class couldn’t demonstrate a “distinct and palpable injury-in-fact” resulting from the alleged violations of the BIPA notice and authorization requirements.

Judge Meyerson, however, boxed up those arguments.

“It is a defendant’s duty to plead and prove lack of standing, not a plaintiff’s duty to allege standing,” Meyerson wrote in her judgment denying Walmart’s motion to dismiss. “Beyond that, the court in Rosenbach held that a violation of BIPA is a ‘real and significant’ injury.

“If it is ‘real and significant’ for purposes of BIPA, it follows that it is ‘distinct and palpable’ for purposes of common law or the Illinois Constitution.”

The judge also rejected Walmart’s attempt to dismiss the action under the statute of limitations. Walmart had argued Roach’s action should fall under the one-year time limit applied to invasion of privacy claims.

Meyerson, however, said Roach’s complaint doesn’t accuse Walmart of “publication” of his biometric data, only “the improper collection and storage of Plaintiff’s private biometric information in violation of BIPA.”

She ruled the proper statute of limitations is a five-year “catch-all provision” within state law.

Walmart has been represented in the action by attorneys with the firm of Steptoe & Johnson LLP, of Chicago.

More News