Kronos, one of the country’s largest workplace timeclock vendors, may need to face a class action lawsuit under Illinois’ unique biometric privacy law, potentially exposing it to an untold massive payout, after a federal judge ruled Kronos may bear responsibility for securing permission from workers employed by Kronos’ customers, before those employers can use Kronos’ fingerprint-scanning timeclocks.
On April 13, U.S. District Judge Gary Feinerman refused to dismiss the sprawling class action against the Lowell, Mass.-based Kronos, brought by a group of Chicago area plaintiffs’ lawyers, potentially on behalf of thousands of workers throughout the state whose employers use Kronos’ timekeeping systems.
“Even if Kronos’s obtaining Plaintiffs’ data occurred ‘in the context of employment’ – as opposed to in the context of a business-to-business relationship between Kronos and their employers – Kronos still was a ‘private entity’ that ‘collect[ed]’ or ‘obtain[ed]’ Plaintiffs’ data, and thus remained obligated to receive a release from them as a condition of their employment,” Feinerman wrote in the 26-page opinion.
U.S. District Judge Gary Feinerman
Kronos has attempted to end the class action litigation since it was first introduced in early 2019 by lawyers from the firms of Stephan Zouras and Edelson P.C., each of Chicago.
The litigation asserted Kronos should be held accountable under the Illinois Biometric Information Privacy Act. The lawsuit notes Kronos supplied many employers across Illinois with so-called biometric time clocks, which require employees to verify their identities, typically by scanning fingerprints, when punching in and out of work shifts.
Many employers use such biometric time clocks to reduce so-called “punch fraud,” during which employees may punch the clock on behalf of a co-worker.
The complaint asserts Kronos had an obligation under the BIPA law to first secure permission from its customers’ employees to conduct the fingerprint scans, and to provide its customers’ employees with written notices concerning how their fingerprint scans would be used, stored, shared and ultimately destroyed.
The lawsuits targeting timeclock vendors represent one of the latest trends in the continuous storm surge of litigation against companies under the Illinois BIPA law.
The Illinois law is the only one of its kind in the U.S. While other states have enacted biometric privacy laws, only Illinois’ grants individuals the unfettered right to bring potentially massive actions against employers and other companies for what defendants have argued are merely technical violations of the law’s provisions.
Under the BIPA law, plaintiffs can demand damages of $1,000-$5,000 per violation, meaning damages can quickly escalate to enormous sums. In cases over employee punch clock fingerprint scans, for instance, violations can be defined as each time an employee scans a fingerprint, potentially putting employers and, now, time clock vendors, on the hook for damages of $4,000 to $20,000 per employee, per day, or more.
The potential for billions of dollars in damages, for instance, helped persuade Facebook recently to sign a $500 million deal to end to a BIPA class action over its photo tagging apps.
In more recent months, other attorneys, including those from the firms of McGuire Law P.C., of Chicago, and Fish Law Firm, of Naperville, added their own claims to the class action. The various firms have also tussled in court for control of the case and another similar action against Kronos' rival, ADP.
In the class action against Kronos, the company argued a year ago that the lawsuit was the “epitome of gamesmanship” by the plaintiffs’ lawyers.
Kronos noted many of those lawyers had already lodged a host of other BIPA actions against Kronos in lawsuits that also targeted specific employers who had installed Kronos timekeeping products in their workplaces.
They also asserted it would be “absurd reading” of the BIPA law to require the timeclock vendor to have the same responsibilities under the law as the employees’ actual employer.
Judge Feinerman, however, rejected all of Kronos’ assertions, and found the company could hold just as much responsibility as its customers under the consent and notification requirements of the BIPA law.
While the actual collection of the employees’ fingerprints may have been conducted by their employers, Feinerman said Kronos would also fall under the law’s provisions governing those who “capture, purchase, receive through trade, or otherwise obtain” that data.
The judge noted some decisions in Chicago courts have sheltered Kronos and other timeclock vendors from BIPA actions, saying employers are responsible for collecting the data and the employees' consent.
However, Feinerman said the decisions have been split on the question of whether Kronos and other vendors can be held liable in an “employment context” under BIPA.
And the judge also held the case can’t be dismissed from federal jurisdiction on so-called “standing” grounds. In other BIPA class actions, federal judges have ruled plaintiffs can’t sue under BIPA in federal court because federal precedent requires them to prove the collection and storage of their data actually harmed them in some way. Those cases have been sent back to the Cook County Circuit Court - where the plaintiffs’ lawyers had desired the cases to be in the first place – because the Illinois Supreme Court has ruled no such actual harm is needed to potentially claim millions of dollars in damages. Rather, the state Supreme Court said plaintiffs need only show an employer or other defendant had violated one of the BIPA law’s technical notice and consent provisions.
However, in his case against Kronos, Judge Feinerman said the plaintiffs had gone further, accusing Kronos of not just collecting the information, but of then “disseminating” the data to “outside data hosts” for storage.
“That was no mere technicality, for without being informed that Kronos or outside data hosts would obtain their data, Plaintiffs were denied entirely an opportunity to object, in any fashion, to the way their data was handled,” Feinerman wrote.
The judge further rejected Kronos’ attempts to undo the class action, saying the company can’t yet show the various possible class members are too dissimilar.
Nor, the judge said, can Kronos undo the class action by arguing many of the class members also could recover from Kronos as part of many of the other hundreds of BIPA class actions now pending in Cook County court and elsewhere.
The judge said “those persons may be excluded from any certified class if they continue to maintain those suits.”
And the judge future proceedings in this class action could further weed out other potential class members, who may be excluded from the class action by federal labor laws or arbitration agreements, among other legal prohibitions.
Named plaintiffs in the action include Charlene Figueroa, who formerly worked for Tony’s Finer Foods, and Jermaine Burton, who worked for BWAY.
Kronos has been represented by attorneys with the firms of Shook Hardy & Bacon LLP and Perkins Coie LLP, each of Chicago.