Target sued for illegally collecting customers’ biometric data through facial scans and fingerprinting
A class action lawsuit filed in Illinois claims that retail giant Target collects and stores customers’ biometric data, such as facial scans and fingerprints, without obtaining proper consent, which is in violation of the state's Biometric Information Privacy Act (BIPA).
Target illegally collected and stored customers’ biometric data, including face and fingerprint scans, according to an Illinois woman who filed a class action lawsuit against the Minnesota-based company on behalf of herself and other customers.
Arnetta Dean alleges Target violated Illinois’ BIPA by collecting customers’ data without obtaining written consent or sharing data retention and destruction policies.
The lawsuit, filed on March 11 in the Circuit Court of Cook County, Illinois, also claims the company did not provide the necessary disclosures or allow customers to opt out of the data collection practices.
Plaintiffs seek statutory damages of $5,000 for each intentional or reckless violation of the law and $1,000 for each violation found to be negligent. They also seek to recoup attorneys’ fees and other litigation expenses.
The lawsuit also seeks injunctive relief to prevent Target from further violating the biometric privacy rights of Illinois residents. A hearing in the case is scheduled for July 10.
Dean, an Illinois resident, filed the lawsuit after allegedly having her biometric data collected without consent during visits to the retailer’s stores.
According to NBC Chicago, Target allegedly employs advanced facial recognition technology in its stores to prevent theft. The suit cites a Target investigations center leader who said, "[We] are using state-of-the-art equipment to gather as much intelligence as possible, reduce business risks, and take down criminals."
The lawsuit alleges Target "operates one of the largest and most advanced networks of cameras" and has developed an advanced system of electronic surveillance that includes 14 investigation centers and two forensic labs "to enhance video footage and analyze fingerprints."
Illinois going after corporations for violating BIPA
Passed in 2008, Illinois’ BIPA safeguards residents’ biometric data, such as facial scans and fingerprints. The act recognizes the unique nature of biometric information, emphasizing that, unlike other personal data like social security numbers, biometric identifiers cannot be easily changed if compromised. This makes people particularly vulnerable to identity theft and other risks if their biometric data is mishandled.
Under BIPA, companies collecting biometric data in Illinois must follow strict guidelines.
First, they must inform individuals in writing that their biometric information is being collected and specify the purpose and duration of its use. Second, they must obtain a written release from the individual before collecting the data. Third, companies must develop and make publicly available a retention schedule and guidelines for permanently destroying the collected biometric data.
Violating BIPA can result in significant penalties for companies, including damages ranging from $1,000 for each negligent violation to $5,000 for each intentional or reckless violation, liability for attorneys’ fees and other litigation expenses – precisely the relief the plaintiffs in the current lawsuit are seeking.
BIPA, unique to Illinois, provides protections rarely granted by other states’ laws. This has led to “hundreds of David-and-Goliath legal battles against some of the world’s most powerful companies,” some resulting in huge settlements.
In recent years, several tech giants have found themselves in the crosshairs of Illinois' biometric privacy law. The most notable case involves Facebook, which settled a class action lawsuit for $650 million in 2022. The social media behemoth was accused of collecting and storing digital scans of users’ faces without permission. As a result, over 1 million Illinois Facebook users received checks for nearly $400 each.
Google was accused of violating BIPA through its Google Photos service, which between 2015 and 2022 allegedly collected and stored biometric data of Illinois residents who appeared in photos uploaded to the platform.
No comments