Quantcast

Restaurant, retail advocates urge appeals panel to limit 'absurd,' 'grossly excessive' reach of IL biometrics law

COOK COUNTY RECORD

Sunday, December 22, 2024

Restaurant, retail advocates urge appeals panel to limit 'absurd,' 'grossly excessive' reach of IL biometrics law

Federal Court
White castle hamburger

ben britten from Melbourne, Australia / CC BY (https://creativecommons.org/licenses/by/2.0)

CHICAGO — Retail and restaurant trade groups are lining up to support White Castle’s pursuit of a court order limiting the reach of Illinois’ biometric privacy law, as they ask a federal appeals panel to undo a federal judge’s decision backing an expansive interpretation of the law, which they said will lead to “extreme and absurd results.”

In early 2019, attorneys with Stephan Zouras LLP, of Chicago, sued White Castle in Cook County Circuit Court on behalf of named plaintiff Latrina Cothron, a restaurant manager who started with the company in 2004. The lawsuit accused White Castle of violating the Illinois Biometric Information Privacy Act (BIPA) in the way the company has required workers to use fingerprint-scanning time clocks since 2007.

After White Castle removed the case to federal court, the hamburger chain also moved to dismiss the action. U.S. District Judge John Tharp partially granted that request in August, but denied the company’s request for judgment on the pleadings. Tharp ruled Cothron’s remaining claims weren’t barred under statutory limitations.


Meredith Slawe | https://luxurylawsummit.com/speaker/meredith-slawe/

White Castle then appealed Tharp's decision to the U.S. Seventh Circuit Court of Appeals last November, asking the appeals court to limit the scope of the law. The fast food chain specifically argued damages under the law should not continue to accrue each time an employee scans their fingerprint. Rather, they said, damages should be limited to the first alleged violation.

Under the BIPA law, employers could be dinged for damages of $1,000-$5,000 per violation. If damages are assessed each time an employee scans their fingerprint when punching the clock - two to four, or more, times per day - the potential damages could quickly mount to a "crippling" amount, White Castle argued. 

As the parties exchange briefs laying out their arguments, others have weighed in on the legal questions in the case. 

The Retail Litigation Center and Restaurant Law Center, which is affiliated with the National Restaurant Association, filed a brief on April 5 in support of White Castle’s position. Assisting attorneys with the Centers were lawyers from the firm of Cozen O’Connor. White Castle is represented by attorneys with Shook Hardy & Bacon, of Chicago.

The brief was signed by attorney Meredith C. Slawe, of Cozen O'Connor, of Philadelphia.

In their brief, the groups mentioned that not only do some members use biometric timekeeping and security systems, but “Employees likewise benefit from the increased efficiencies, accurate recordkeeping, improved pay systems and enhanced security that flow from the use of these systems.”

The groups said they understand BIPA’s role in development and implementation of biometric systems, while also deterring improper handling of personal data and quick correct of violations. However, they said, Tharp’s “holding that each biometric scan constitutes a discrete violation of BIPA, subject to its own liquidated damages award, would push the statute far beyond its purpose of discouraging bad actors and compelling compliance. Indeed, the district court’s approach would encourage additional class action lawsuits, often untethered from any actual harm, and lead to devastating penalties for employers.”

In his August opinion, Tharp acknowledged his reading of BIPA could lead to large damage awards, but rejected White Castle’s concerns.

“Each time an entity discloses or otherwise disseminates biometric information without consent, it violates the statute,” Tharp wrote. “This conclusion is especially unavoidable where, as here, the statute includes ‘redisclose’ in the list of actions that cannot be taken without consent. As a result, even where an entity transmits the biometric information to a third party to which it has previously transmitted that same information, the redisclosure requires consent.”

In their brief, the groups referenced a 2019 Illinois Supreme Court opinion in Rosenbach v. Six Flags. Whereas Tharp said that opinion affirmed the General Assembly’s intent to use fines for individual BIPA violations to achieve its protective objectives, the groups argued the court “merely sought to keep the doors of the courts open to litigation that would ensure compliance — not impede the development of innovative technologies or unfairly target and crush well-intentioned businesses.”

Tharp’s take on BIPA, they continued, “would penalize employers for each and every finger scan — even when no employee has suffered any actual damage. Because employees might scan in and out multiple times per day, the potential penalties that will accrue over a typical workweek are massive and will be an irresistible lure for opportunistic litigants.”

In addition to the “absurd” results of statutory penalties linked to individual violations, the groups said Tharp’s BIPA stance raises concerns about due process rights in that it would contradict U.S. Supreme Court guidance against unlimited punitive damages. They also said the Seventh Circuit should consider similar statues, such as the Illinois Right of Publicity Act, which courts have read to reflect violations dating from the first unauthorized use of a photograph and not one still circulated years later.

White Castle’s “plausible, plain-text interpretation of BIPA avoids the pitfalls of the district court’s position,” according to the brief. “It encourages employers to ensure compliance with BIPA without imposing prohibitive penalties, does not cause absurd results in the event of an inadvertent technical violation and does not impose grossly excessive, entirely penal damages that would implicate due process concerns.”

More News