Duane Morris Takeaways – In a significant decision for retailers, Judge Manish Shah of the U.S. District Court for the Northern District of Illinois recently denied in part Defendant Estée Lauder’s motion to dismiss proposed class action claims that its consumer “try-on” technology violated the Illinois Biometric Information Privacy Act (“BIPA”). The Court rejected Defendant’s personal jurisdiction argument, as well as claims that its website terms and conditions required Plaintiff to arbitrate her dispute, and that Plaintiff lacked standing to sue on behalf individuals that used websites Plaintiff herself did not visit. In a decision entitled Kukovec v. The Estée Lauder Companies, Inc., Case No. 22-CV-1988 (N.D. Ill.), the Court determined, however, that Plaintiff did not sufficiently plead that the cosmetics giant intentionally or recklessly violated consumers’ biometric privacy rights, and thereby dismissed those claims. The ruling in Kukovec illustrates the ongoing legal risks for retailers in using “try-on” tech to enhance customer service.
Plaintiff, an Illinois resident, alleged that Defendant’s try-on tool violated Section 15(b) of the BIPA by capturing users’ facial geometry without informing them how that data is collected, used, or retained. Id. at 6. Plaintiff also alleged that Defendant lacked a publicly-available written policy establishing how long such data is retained and when it is destroyed, in violation of Section 15(a) of the BIPA. Id. Plaintiff filed a putative class action lawsuit against Defendant, seeking to represent a class of individuals that used the virtual try-on tool not just on the Too Faced website, but also four other websites for Defendant’s other brands. Id. Defendant removed the case to federal court based on diversity jurisdiction and the Class Action Fairness Act, then moved to dismiss the complaint.
The Court’s Ruling On Defendant’s Motion To Dismiss
Defendant sought to dismiss Plaintiffs’ claims on four grounds, three of which the Court fully rejected.
First, Defendant argued that the Court lacked personal jurisdiction over it since its “Try On” tool was “geography neutral,” did not target Illinois consumers, and the mere accessibility of the tool to Illinois consumers lacked the substantial connection to Defendant’s sale of cosmetics and employees in Illinois. Id. at 8. The Court rejected this “overly narrow” interpretation of personal jurisdiction. It held that “[t]he try-on tool is part of [Defendant’s] cosmetics marketing and sales strategy,” since those that use the tool are also presented with buttons to add the products to their cart or send as a gift. Id. at 9.
Third, Defendant also sought to dismiss the complaint on the basis that it provided only “conclusory legal statements” and lacked sufficient facts establishing that Defendant captured users’ facial geometry, collected biometric data, or acted negligently, recklessly, or intentionally under the BIPA. Id. at 16. The Court disagreed. It found that the complaint “alleged enough to infer” that Defendant captured Plaintiff’s biometric information and “no intermediary separated the defendant from the collection of plaintiff’s facial geometry.” Id. at 17. However, since recklessness and intentionality require a specific state of mind that Plaintiff did not allege, the Court dismissed Plaintiff’s claims for reckless or intentional conduct, but allowed Plaintiff an opportunity to amend her complaint. Id. at 18.
Finally, Defendant contended that since Plaintiff did not use the websites of its four other brands that utilize the virtual try-on tool, she lacked standing to sue on their behalf. The Court noted that because no class had been certified, yet Defendant’s argument was premature. The Court reasoned that plaintiff “alleges an injury from a technology deployed across multiple websites” and that standing exists because Plaintiff’s injury “can be redressed by a decision in her favor.” Id. at 20.
Implications For Companies Using Biometric Equipment
By allowing consumers to “try-on” products in a virtual environment, retailers increasingly rely on biometric data to provide hyper-personalized services and recreate the real-world shopping experience for the virtual world. But as the popularity of try-on technology grows, so too does the legal risk from biometric data privacy lawsuits. Since 2019, numerous retailers have been sued for violating the BIPA and other state biometric privacy laws for their use of try-on tech and other digital tools to personalize consumer recommendations. The Kukovec decision highlights how new technologies expose companies to costly litigation, even when they take steps to notify consumers or mandate arbitration. Companies should consider how they notify customers regarding try-on technology, ensure that their privacy policies stay current with evolving legislation and competing definitions of “biometric data,” and implement proper safeguards and consent processes.