CHICAGO — A federal judge won’t let White Castle end a biometrics class action despite the potential for an "absurd" result and "crippling" penalties.
In early 2019, attorneys with Stephan Zouras LLP, of Chicago, sued White Castle in Cook County Circuit Court on behalf of named plaintiff Latrina Cothron, a restaurant manager who started with the company in 2004. The lawsuit accused White Castle of using fingerprint-based time clocks since 2007, which violate the Illinois Biometric Information Privacy Act.
After White Castle removed the case to federal court, the restaurant chain also moved to dismiss the action. Judge John Tharp partially granted that request. In an opinion issued Aug. 7, Tharp denied the company’s request for judgment on the pleadings, finding Cothron’s remaining claims weren’t barred under statutory limitations.
Tharp rejected Cothron’s argument White Castle couldn’t raise a limitations defense since it failed to do so during an earlier motion to dismiss, saying it “ignores the basic framework” of federal court rules and “is entirely off-base.” Since White Castle’s earlier motion for dismissal targeted the complaint’s sufficiency, it is allowed to raise the limitations defense in a request for judgment.
Her “substantially stronger” position was that some claims remain timely, Tharp said. White Castle said the claims date to mid-2008, while Cothron said some of them accrued in 2018, the last time she supplied a fingerprint before the company followed BIPA’s informed consent rules. She also said subsequent scans violated a different BIPA provision concerning disclosure of her data to a third party.
“BIPA claims do not fall within the limited purview” of an exception that allows challenges in situations of a series of actions that would be independently actionable, even when those actions establish a pattern of impropriety. Specifically, Tharp said, one fingerprint scan or transmission of that scan, without informed written consent, can form the basis for a lawsuit, and “the injuries resulting from these violations do not need time to blossom or accumulate. Time may exacerbate them, but an injury occurs immediately upon violation.”
Since Cothron alleged a violation within a calendar year of her initial filing, Tharp said, those violations are actionable. White Castle argued its violation was failure to get informed consent, but Tharp said the act of collecting a fingerprint without authorization or disclosure violates BIPA.
“Each time an entity discloses or otherwise disseminates biometric information without consent, it violates the statute,” Tharp wrote. “This conclusion is especially unavoidable where, as here, the statute includes 'redisclose' in the list of actions that cannot be taken without consent. As a result, even where an entity transmits the biometric information to a third party to which it has previously transmitted that same information, the redisclosure requires consent."
Rather than counter, Tharp said, White Castle argued this position “would lead to absurd results” because associated damages “would be crippling.”
“The court fully acknowledges the large damage awards that may result from this reading of the statute,” Tharp wrote. “But, as an initial matter, such results are not necessarily ‘absurd.’ ”
Instead, Tharp pointed to a 2019 Illinois Supreme Court opinion in Rosenbach v. Six Flags that held “ ‘subjecting private entities who fail to follow the statute’s requirements to substantial potential liability, including liquidated damages, injunctions, attorney fees and litigation expenses “for each violation” of the law’ is one of the principal means that the Illinois legislature adopted to achieve BIPA’s objectives of protecting biometric information.”
How many violations fall within the statutory limitations is a matter of future resolution, Tharp said, but “at least some of her claims survive under this reading of the statute” and the case therefore will proceed.
White Castle is represented by Shook Hardy & Bacon, of Chicago.