Employers in Illinois can’t use the state’s workers’ compensation law to find relief from an ever-mounting blizzard of class actions brought under Illinois’ biometrics privacy law, as the Illinois Supreme Court has declared worker claims against their employers under the biometrics law aren’t really workplace injuries.
The high court further indicated employers may not be able to look to Illinois’ courts for any real relief from the biometrics litigation onslaught, as the justices reiterated their position that it is not the courts’ problem if businesses are exposed to potentially crippling financial payouts, even if plaintiffs can’t prove they were ever actually harmed.
Employers “suggest that our decision stands to expose employers to potentially devastating class actions that can result in financial ruin,” the Illinois Supreme Court justices wrote in the unanimous opinion, issued Feb. 3.
From left: Attorneys Aaron Lawson and Richard McArdle
| Edelson P.C.; Seyfarth
But, the court said, that is the point. Illinois lawmakers, they said, wrote the law to “head off” problems concerning people’s biometric security “by imposing safeguards to ensure that the individuals’ privacy rights in their biometric identifiers and biometric information are properly protected before they can be compromised and by subjecting private entities who fail to follow the statute’s requirements to substantial potential liability whether or not actual damages, beyond violation of the law’s provisions, can be shown.”
“’It is clear that the legislature intended for this provision to have substantial force,’” the justices wrote, emphasizing a point from the state high court’s seminal 2019 decision on the reach of the biometrics law.
The decision ends months of legal arguments in various courts over which law should govern class action claims brought by workers against their employers under the Illinois Biometric Information Privacy Act.
In the case before the Illinois Supreme Court, attorneys representing past and current employees of the Symphony of Bronzeville nusing home, in Chicago, filed suit against the corporate entity that operates the nursing home, accusing the company of violating the BIPA law.
The lawsuit was led by named plaintiff Marquita McDonald, who was represented by attorneys with the class action firms of Edelson P.C. and Fish Potter Bolanos, of Chicago. However, the lawsuit seeks to include virtually everyone who worked at the nursing home in recent years.
Symphony also operates dozens of other nursing homes and care facilities in Chicago, the suburbs and Illinois, all of which could be targets for class actions under the BIPA law.
Like nearly all of the other thousands of other class actions brought against employers under the BIPA law, the Symphony Bronzeville case accuses the nursing home operators of improperly requiring workers to scan fingerprints to verify their identities when punching in and out of work shifts. According to the lawsuit, the nursing home allegedly failed to first secure written consent from workers before requiring the workers to scan their prints, and also failed to provide workers with required notices concerning how their scanned fingerprints would be collected, stored, used, shared and ultimately destroyed.
Symphony, however, fought back against the lawsuit, asserting the workers’ BIPA claims should be tossed, because those claims are preempted by the Illinois Workers’ Compensation Act.
Symphony centered its arguments on a key provision in the workers’ comp law, which declares the workers’ comp law “preempts any ‘statutory right to recover damages from the employer … for injuries incurred in the course of … employment.”
Symphony argued finding otherwise would mean “an employer would have greater protection from damages claims brought by plaintiffs who have suffered actual psychological (or physical) harm and no protection whatsoever from massive (and potentially) ruinous damages claims brought by plaintiffs who have not suffered an actual injury at all,” Symphony told the courts.
Indeed, in recent years, trial lawyers have seized on the BIPA law’s notice and consent provisions, in particular, to launch myriad class action suits against businesses of all kinds.
While some of the lawsuits have targeted big tech companies, like Facebook and Google, the vast majority of BIPA actions have targeted employers, primarily over employers’ use of so-called biometric timeclocks, which require workers to verify their identity with a fingerprint or other biometric identifier when beginning or ending a work shift.
And the lawsuits pose massive financial risks for employers. Under the BIPA law, plaintiffs have the right to demand damages of $1,000-$5,000 per violation. Lawyers for plaintiffs and defendants, alike, have said the law could be interpreted to define individual violations as each time an employee punched the clock or otherwise scanned a fingerprint at work.
Should such cases proceed to trial, employers could be on the hook for judgments mounting well into the millions, or even billions, of dollars.
Employers have struggled to find effective legal defenses against such claims.
Faced with potentially crippling judgments, many employers have opted to settle. Settlements have typically been worth from hundreds of thousands of dollars, to up to $25 million, depending on the size of the company.
Some, like Symphony, however, have pushed back, in an effort to find viable defenses to reduce their exposure.
Courts, however, have taken a dim view of the attempt to use the workers’ comp law against BIPA claims.
Judges in Cook County and the Illinois First District Appellate Court sided with plaintiffs, finding the kinds of claims brought under BIPA are not the same as the kinds of injuries lawmakers considered when they gave employers relative protection from lawsuits under the workers’ comp law.
As the case moved toward the Illinois Supreme Court, judges elsewhere agreed the implications of the case were significant. Many placed BIPA class actions on hold, awaiting word from the state high court on the question. A decision in favor of the employers could essentially undo hundreds of pending BIPA class actions in Illinois state and federal courts.
However, the Illinois Supreme Court backed the conclusion of the lower courts.
In the decision authored by Justice David Overstreet, a Republican from southern Illinois, the justices agreed the Workers’ Comp Act was designed to deal with physical and psychological injuries which would otherwise affect the ability of workers to perform their jobs.
The BIPA law was designed to protect privacy rights. And lawmakers included a so-called private right of action – giving individuals the right to sue for big money damages – to substantially punish those who violate its provisions, Overstreet wrote.
The justices noted the language of the BIPA law defines the written authorization companies are required to obtain from people before scanning and collecting their biometric data, to include “a release executed by an employee as a condition of employment.”
“Thus, the legislature was aware that Privacy Act claims could arise in the employment context, yet it treated them identically to nonemployee claims except as to permissible methods of obtaining consent,” Overstreet wrote.
“Therefore, the text of the Privacy Act itself, which mentions its application in the employment context, is further evidence that the legislature did not intend for Privacy Act claims to be presented to the Workers’ Compensation Commission.”
While concurring with the majority opinion, Justice Michael J. Burke suggested plaintiffs had engaged in “gamesmanship in pleading” to allow their BIPA claims to stand apart from other workplace injury claims.
He noted, for instance, that lead plaintiff McDonald’s lawyers had stripped the lawsuit of claims of mental anguish, which may have otherwise triggered the workers’ comp law.
Burke noted the case highlights an “incongruity” of the BIPA law, which essentially allows these potentially massive lawsuits to proceed without anyone actually being harmed.
“McDonald contends that her Privacy Act claim should proceed because she has suffered absolutely no injury, which is totally inconsistent with the concept that a technical violation of the Privacy Act is a ‘real and significant’ injury,” Burke wrote.
However, the unanimous court indicated again it would not be concerned with the potential damage the law may have on businesses and employers throughout the state.
In 2019, in the decision known as Rosenbach v Six Flags Entertainment Corp., the justices said plaintiffs need prove no actual injuries to press claims under the BIPA law. And the potentially crippling damages provide "the strongest possible incentive to conform to the law and prevent problems before they occur and cannot be undone."
If employers wish to rein in the law's effects, the court said, they need to win reforms in the Democrat-dominated, and trial lawyer-friendly Illinois General Assembly.
“Ultimately, however, whether a different balance should be struck under the Privacy Act given the category of injury is a question more appropriately addressed to the legislature,” the justices wrote.
The lawsuit against Bronzeville Symphony remains pending in Cook County Circuit Court.
Bronzeville Symphony has been represented by attorney Richard P. McArdle, and others with the Chicago firm of Seyfarth Shaw.
Attorney Aaron Lawson, of Edelson P.C., argued the case on behalf of the plaintiffs before the Illinois Supreme Court.
In a tweet following the ruling, the Fish Potter Bolanos firm said: “The decision is an important victory for Illinois workers.”