The Illinois Supreme Court issued an opinion Friday in an ongoing case against White Castle over the state’s Biometric Information Privacy Act (BIPA) that could result in hefty fines.
The opinion came after the United States Court of Appeals for the 7th District asked the state’s highest court to determine whether BIPA claims accrue with every scan or transmission of biometric data that allegedly violates the law or just the first instance. The Illinois Supreme Court ruling was 4-3.
WHITE CASTLE EMPLOYS ROBOT TO GIVE THE RIGHT TOOLS’ TO SERVE MORE ‘HOT AND TASTY FOOD’: VP
In the proposed class-action case, the plaintiff sued White Castle alleging that the fast-food chain “unlawfully collected her biometric data and unlawfully disclosed her data to its third-party vendor” without her consent for several years after scanning Applying fingerprints for. employee computer access, according to an Illinois Supreme Court document.
“We conclude that the plain language of sections 15(b) and 15(d) indicates that a claim under the Act accrues with every scan or transmission of biometric identifiers or biometric information without prior informed consent,” the Illinois Supreme Court said in Friday’s ruling.
In a statement, White Castle told FOX Business that it was “deeply disappointed by the court’s decision and the significant business disruption that will be caused to Illinois businesses, who now face significant damages.”
“We are reviewing our options to seek further judicial review, given the strong dissenting opinion, which was included by the Chief Justice of the Court,” the fast food chain continued. “This disagreement raises serious concerns about today’s opinion.”
Meanwhile, James Zouras, the attorney representing the plaintiff, told Reuters “I hope today’s decision will encourage employers and other biometric data collectors to finally start taking the law seriously.”
Facebook Agrees To Pay Record $650M To Settle Facial Recognition Duties
Private entities are prohibited from “collect(ing), capturing, purchasing, acquiring by trade, or otherwise acquiring” someone’s biometric data without prior informed consent under BIPA. The law also restricts them from “disclosing, re-disclosing, or otherwise disseminating such data” without consent, among other provisions.
Negligence violations can carry fines of $1,000, according to state law. For intentional or reckless violations, the penalties are $5,000 each.
White Castle argued that alleged claims “can only accrue once — when the biometric data is first collected or disclosed,” the majority opinion said.
“It will lead to consequences that the legislature could not have intended,” Illinois Supreme Court Justice David Overstreet argued of the majority opinion in the dissent. “Furthermore, the majority’s interpretation makes compliance with the Act very difficult for employers.”
GOOGLE SUES TEXAS ATTORNEY GENERAL OVER ALLEGED BIOMETRIC DATA BREACH
White Castle said damages could exceed an estimated $17 billion “if the plaintiff is successful and allowed to pursue a claim on behalf of as many as 9,500 current and former White Castle employees,” the majority opinion said.
The case will return to the lower court.