Dior Dismissed From Illinois BIPA Class Action Lawsuit Challenging Virtual Try-On Technology

By Kelly A. Bonner, Alex W. Karasik, Gerald L. Maatman, Jr., and Jennifer A. Riley

Duane Morris TakeawaysIn a significant win for fashion and beauty retailers in the privacy class action space, in Warmack-Stillwell v. Christian Dior Inc., No. 1:22-CV-04633, 2023 U.S. Dist. LEXIS 22926 (N.D. Ill. Feb. 10, 2023), an Illinois federal court held that an exemption to the Illinois Biometric Information Privacy Act (“BIPA”) for data captured from a patient in a health care setting barred proposed class action claims alleging that luxury giant Christian Dior Inc.’s (“Dior”) virtual try-on tool (“VTOT”) violated the BIPA.

Businesses in Illinois, particularly online fashion and beauty retailers, can use this ruling to attack BIPA claims involving VTOT technology.

Case Background

As discussed in our previous publications, lawsuits involving BIPA claims and eyewear have been dismissed under one of BIPA’s statutory exemptions, which in relevant part excludes from its definitions of biometric identifiers and biometric information: (1) information captured from a patient in a health care setting; or (2) information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996, including prescription lenses, non-prescription sunglasses, and frames meant to hold prescription lenses.

Plaintiff alleged that Dior maintained a VTOT feature on its website that collected users’ facial geometry data without first obtaining written consent or informing users of the purpose and length of time that their data was being collected in violation of Section 15(b) of BIPA. Plaintiff also alleged that Dior failed to provide a publicly available data retention and destruction schedule, as required by Section 15(a) of BIPA.

Dior moved to dismiss Plaintiff’s complaint on the basis that the BIPA’s health care exemption applied to non-prescription sunglasses, such as the ones sold by Dior and which the plaintiff alleged that she tried on with the VTOT technology, and thus precluded Plaintiff’s claims.

Plaintiff countered that the sunglasses were fashion accessories; Dior’s website was not a health care setting; and Dior’s consumers were not patients. Plaintiff also sought to distinguish prior decisions applying the BIPA’s health care exemption as focusing on the VTOT technology being used for prescription glasses, akin to optometrist fittings, and not in connection with the purchase of luxury sunglasses.  Id. at *8.

The Court’s Decision

The Court granted Dior’s motion to dismiss under Rule 12(b)(6).  First, the Court explained that Plaintiff qualified as a “patient in a health care setting” under the dictionary definition of the term “patient,” and that Dior’s VTOT feature “facilitates the provision of a medical device that protects vision.” Id. at *8.  Similarly, the Court held that use of the VTOT technology constituted “health care,” which the dictionary defined as “efforts made to maintain or restore physical, mental, or emotional well-being especially by trained and licensed professionals.”  Id. at *9.

In addition, the Court reasoned that the relevant test was “not a user’s subjective understanding, but rather an objective application of the text of the exemption.” Id. at *8-9.  The Court opined that the outcome of the analysis should not change if a consumer uses the VTOT in search of primarily stylish sunglasses rather than protective ones.

Plaintiff attempted to distinguish Dior’s website from a “health care setting” by arguing that “[a]n artist prepping a canvas is not providing a health care service if they use a scalpel instead of an Xacto knife.”  Id. at *9.  As to that point, the Court concluded that the VTOT feature facilitated the purchase of sunglasses to wear on one’s face and protect one’s eyes, thus performing the product’s intended medical function rather than an unconventional purpose.

Similarly, the Court rejected Plaintiff’s attempts to analogize her case to BIPA suits against blood plasma centers, in which courts rejected application of the health care exemption.  Even if the cases applied the same definitions of “health care” and “patient,” the Court concluded that the removal of plasma for commercial purposes is not “health care because the purpose — at least from the plasma donors’ perspectives — was not to ‘maintain or restore physical, mental or emotional well-being’; it was to get paid.”  Id. at *11.

Finally, the Court notably denied Dior’s motion to dismiss under Rule 12(b)(1), rejecting Dior’s argument that Plaintiff failed to allege an injury-in-fact sufficient for Article III standing. The Court concluded that Plaintiff sufficiently alleged an injury-in-fact under Section 15(a) “because “unlawful retention of a person’s biometric data is as concrete and particularized an injury as an unlawful collection of a person’s biometric data.”   Id. at *11.

Accordingly, the Court granted Dior’s motion to dismiss on Rule 12(b)(6) grounds, but rejected Dior’s Article III standing argument and denied its motion based on Rule 12(b)(1).

Implications for Retailers

The Court’s decision in Warmack is a solid victory for fashion and apparel retailers, and indicates that courts are willing to expand the BIPA’s healthcare exemption to more retail-oriented environments, and adopt a plain reading of the statue rather than seeking to discern legislative intent. This ruling could have significant implications for personal care products retailers, especially those who utilize VTOT features to assess skin complaints such as aging, hyperpigmentation, and recommend treatments, and whether those defenses will draw regulatory scrutiny for purposed “drug” claims.

In the meantime, retailers should stay abreast of biometric data privacy laws in Illinois and beyond, and ensure that their privacy policies stay current with evolving nationwide legislation.

Trend # 6 – Privacy Class Actions Became An Intense Focus Of The Plaintiffs’ Class Action Bar

By Gerald L. Maatman, Jr. and Jennifer Riley

Duane Morris Takeaway: Privacy litigation – in a multitude of forms and theories – revealed itself as the hottest area of growth in terms of activity by the plaintiffs’ class action bar in 2022. The new year started off with a huge privacy ruling from the Illinois Supreme Court in Tims, et al. v. Black Horse Carriers, Case No. 127801 (Ill. Feb. 2, 2023), in which it held that a five-year statute of limitations applies to BIPA claims.

The Illinois Biometric Privacy Act Continued To Drive Lawsuits

In 2022, the plaintiffs’ class action bar continued to focus on businesses and vendors utilizing biometric technology and filed numerous class action lawsuits based on the Illinois Biometric Information Privacy Act, 740 ILCS 14/15 (BIPA).

Enacted in 2008, the BIPA regulates the collection, use, and handling of biometric identifiers and information by private entities. Subject to limited exceptions, the BIPA generally prohibits the collection or use of an individual’s biometric identifiers and biometric information without notice, written consent, and a publicly-available retention and destruction schedule.

Although Texas and Washington have implemented similar biometric protections, the BIPA provides for a private cause of action with aggressive statutory penalties allowing for $1,000 per violation and $5,000 per intentional or reckless violation. Because of this damages provision, the plaintiffs’ bar files almost all BIPA lawsuits as class actions. Plaintiffs have focused more than one-third of BIPA cases on fingerprinting and have focused roughly a quarter on facial recognition surveillance.

The most noteworthy BIPA case of the year was Rogers, et al. v. BNSF Railway Co., Case No. 19-CV-3083 (N.D. Ill.), the first federal jury trial in a case brought under the BIPA. After a week-long trial in the U.S. District Court for the Northern District of Illinois, a jury found that BNSF recklessly or intentionally violated the law 45,600 times and entered a verdict in favor of the class of 45,000 workers. The court thereafter awarded damages against BNSF of $228 million. BNSF subsequently filed a motion for a new trial arguing that none of the 45,000 class members suffered any actual harm and raising constitutional concerns about the BIPA. That motion remains pending for decision, and is almost sure to result in an appeal in 2023.

As BIPA class actions proliferate and businesses struggle to defeat such claims, the Illinois Supreme Court in early 2023 clarified the scope of the statute of limitations applicable to the BIPA in Tims, et al. v. Black Horse Carriers, Case No. 127801 (Ill. Feb. 2, 2023). The Illinois Supreme Court held that a five-year statute of limitations applies to claims under the BIPA. This ruling adds to the risks for employers and companies who do business in Illinois in terms of BIPA class action exposures. Given that the BIPA statute does not have an explicit statute of limitations, the Illinois Supreme Court’s ruling now provides clarity for litigants and attorneys in this space as to the scope of the putative classes in their lawsuits.

If employers have not already done so, now is time to make sure their timekeeping procedures and consent policies are legally compliant. The Tims ruling is apt to increase the plaintiff class action bar’s appetite for BIPA claims, so it is more important than ever for employers to make sure their procedures are legally sound

The Illinois Supreme Court is also due to issue its decision in Cothron v. White Castle System, Inc., No. 1280004 (Ill.), which will decide whether each fingerprint scan is its own discrete violation.  An adverse finding in Cothron could enhance BIPA class action exposures. In Cothron, et al. v. White Castle Systems, 2021 U.S. App. LEXIS 37593 (7th Cir. Dec. 20, 2021), the Seventh Circuit asked the Illinois Supreme Court to provide much-needed clarification on the accrual of BIPA violations, specifically whether certain BIPA claims accrue only once upon the initial collection or disclosure of biometric information or whether a claim accrues each time a company collects or discloses biometric information.

The Illinois Supreme Court likely will rule on these key BIPA matters in the early part of 2023 and the statute will continue to drive class action litigation. Its technical requirements, combined with stiff statutory penalties and fee-shifting, provide a recipe for attention from the plaintiff’s class action bar, and companies’ continued development and use of innovative technologies are apt to provide a veritable barrel of opportunity.

Class Action Suits Alleging Wiretapping Violations

A new wave of class action lawsuits filed in California, Florida, Massachusetts, and Pennsylvania targeted companies that use technologies to track user activity on their websites, based on the theory that such practices violate electronic interception provisions of various state laws when done without consent.

The plaintiffs’ bar grounded these claims in the electronic interception provisions of various state laws. Wiretap statutes like the California Invasion of Privacy Act, the Pennsylvania Wiretapping and Electronic Surveillance Act, and the Florida Security of Communications Act generally prohibit the unauthorized interception or disclosure of communications transmitted electronically.

The plaintiffs’ bar targeted technologies that track a user’s interactions with the website (e.g., clicking, scrolling, swiping, hovering and typing) and create a recording of those interactions and inputs – known as session replay software. They also attacked coding tools that create and store transcripts of conversations with users in a website’s chat feature. The plaintiffs in this new string of class actions allege that recording their interactions with a website and sending that recording to a third party for analysis without their consent is an illegal invasion of their privacy.

Recent decisions from the Ninth and Third Circuits fueled the swell of lawsuits alleging violations of these wiretap statutes. In May 2022, in Javier, et al. v. Assurance IQ, LLC, 2022 U.S. App. LEXIS 14951 (9th Cir. May 31, 2022), the Ninth Circuit held that the California Invasion of Privacy Act requires prior consent and explicitly rejected the argument that this wiretap statute allows a business to obtain consent to the use of session replay software after the recording already has begun. The Ninth Circuit, however, did not comment on what would amount to effective consent to the use of session reply software under the wiretap statute.

A few months later, the Third Circuit in Popa, et al. v. Harriet Carter Gifts, 2022 U.S. App. LEXIS 22707 (3d Cir. Aug. 16, 2022), ruled that an electronic interception violating the Pennsylvania Wiretapping and Electronic Surveillance Act occurred when the plaintiff visited a website to purchase a product and her interactions on that site were recorded and transmitted to a third-party marketing firm.

The Third Circuit concluded that the location of the interception was plaintiff’s browser, and it rejected the defendants’ argument that the wiretap statute did not apply because the third-party marketing firm’s servers – where the information was sent – were located in Virginia. If other circuits follow the Third Circuit’s approach, it could subject companies to liability under a state wiretap statute each time a user accesses its website from that state.

In each of the three lawsuits brought thus far in Pennsylvania, the class consisted of allegedly more than 5,000 individuals. This new wave of lawsuits alleging wiretap violations threatens to subject businesses to a substantial amount in penalties, including fines ranging from $1,000 to $50,000 per violation, depending on the state. If a violation occurs every time a user accesses a website in one of these states, the amount of penalties to which a company may be subject can balloon quickly.

More State Legislation Created And Expanded Data Privacy Rights

While Congress has refrained from addressing data privacy through federal legislation, many states have enacted their own laws, and 2022 saw significant state legislative activity regarding data privacy with five states preparing for new privacy laws to take effect in 2023, including California, Colorado, Connecticut, Utah, and Virginia.

On the heels of California’s enactment of the California Consumer Privacy Act (CCPA) in 2020, California businesses will need to comply with all requirements of the California Privacy Rights Act (CPRA) effective January 1, 2023. The CPRA expands the current CCPA private right of action by authorizing consumers to bring lawsuits arising from data breaches involving additional categories of personal information and is arguably the strictest data privacy law in the United States, which places California privacy law closer, in many respects, to Europe’s GDPR. With potential statutory damages ranging from $100 to $750 per consumer per incident, and breaches often involving hundreds of thousands or even millions of users, these types of claims will almost certainly lead to a sharp rise in class action litigation.

Virginia, Colorado, Connecticut, and Utah likewise enacted sweeping data privacy laws that will roll out in 2023. These laws are all similar in structure, but unlike California’s statute, which allows an individual to sue a company for alleged violations, enforcement will be left to the respective state attorneys general. Each of these laws provides for expanded consumer rights related to their data, including: (i) Right of access (i.e., allows for a consumer to access from a business/data controller the information or categories of information collected about a consumer); (ii) Right of deletion (i.e., right for a consumer to request deletion of personal information about the consumer under certain conditions; (iii) Right to opt-out (i.e., allows for a consumer to opt out of the sale of personal information about the consumer to third parties); (iv) Right of portability (allows for a consumer to request personal information about the consumer be disclosed in a common file format); and (v) Notice and transparency requirements (i.e., an obligation placed on a business to provide notice to consumers about certain data practices, privacy operations, and/or privacy programs).

The approach each state attorney general takes regarding enforcement of these new laws will provide lessons for other states looking to regulate consumer privacy in the absence of a federal standard and almost certainly will be closely monitored by the plaintiffs’ bar, as it attempts to draw from favorable rulings and to anticipate which state will enact the next plaintiff-friendly data privacy laws. 28 U.S.C. §1292(b), Rule 23(f) does not require the district court to certify an issue for appeal. Moreover, Rule 23(f) does not include the potentially limiting requirements of Section 1292(b), under which the district court can certify an issue for appeal only where an order “involve[s] a controlling question of law as to which there is substantial ground for difference of opinion” and where “an immediate appeal from the order may materially advance the ultimate termination of the litigation.”

Finally, class action litigants can appeal final orders issued by the district court under 28 U.S.C. § 1291, which states that “courts of appeals (other than the United States Court of Appeals for the Federal Circuit) shall have jurisdiction of appeals from all final decisions of the district courts of the United States.”

DMCAR Trend #5 – Government Enforcement In 2022 Took A Back Seat

By Gerald L. Maatman, Jr. and Jennifer Riley

Duane Morris Takeaway: Over the past year, the Biden Administration continued to roll out changes on several fronts as it aimed to expand the rights, remedies, and procedural avenues available to workers. During 2022, such efforts fueled litigation. With its decision in West Virginia v. Environmental Protection Agency, 142 S.Ct. 2587 (2022), the U.S. Supreme Court imposed another hurdle to agency rule-making. Meanwhile, government enforcement litigation activity took a back seat.

Over the past two years, the U.S. Department of Labor, in particular, has continued to roll out worker-friendly rules that could have a cascading impact on workplace class actions, including rules designed to wipe out the pro-business policies of the Trump Administration. Such efforts continued on multiple fronts in 2022, including with respect to rules regarding businesses’ utilization of independent contractors and their use of the tip credit.

As to the former, effective January 6, 2021, the DOL during the Trump Administration adopted an Independent Contractor Rule that addressed the circumstances under which a worker qualifies as an independent contractor. The Rule arguably made it easier for companies, including companies operating in the gig economy, to utilize independent contractors. Although the DOL under the Biden Administration withdrew the Rule in May 2021, in March 2022, a federal district court in Texas found the DOL’s withdrawal of the Rule unlawful. Although the DOL appealed the decision in May 2022, it later abandoned the appeal and, instead, on October 13, 2022, the DOL issued a proposed new rule on independent contractor status. It described the proposed framework as “more consistent with longstanding judicial precedent” and stated that the DOL “believes the new rule [will] preserve essential worker rights and provide consistency for regulated entities.” The rule is likely to fuel further litigation in 2023 and have a cascading impact on the workplace class action landscape as it impacts litigation and potential recoveries.

The DOL’s efforts to regulate use of the tip credit have met similar controversy. The FLSA, at 29 U.S.C. § 203(m), permits an employer to use the tips received by tipped workers to satisfy a portion of its minimum wage obligation. In 1988, however, the DOL added a rule (the 80/20 Rule) to its Field Operations Handbook that purported to require employers to pay employees at the full minimum wage rate for time spent performing non-tip-producing tasks that exceeded 20% of their workweek. Multiple courts attempted to apply this guidance so as to require employers to separate tasks performed by tipped workers into categories of tip-producing, non-tip-producing, and unrelated tasks, and the ensuring litigation over these issues has plagued the hospitality industry, in particular, over the past decade.

In November 2018, the DOL under the Trump Administration issued an opinion letter withdrawing the 80/20 Rule and, in February 2019, it amended the Field Operations Handbook to include a “reasonable time” standard, explaining that “an employer of an employee who has significant non-tip related duties which are inextricably intertwined with [his or her] tipped duties should not be forced to account for the time that employee spends doing those intertwined duties.” In December 2020, the DOL issued the Tip Regulations Final Rule. After twice delaying the effective date of the Final Rule, on October 23, 2021, the DOL under the Biden Administration withdrew and replaced the Final Rule. In doing so, the DOL resurrected the 80/20 Rule and purported to limit the tip credit to non-tip-producing work that directly supports tip-producing work and does not exceed “a continuous period” of 30 minutes. The new rule went into effect on December 28, 2021. In 2022, the Restaurant Law Center and Texas Restaurant Association filed suit seeking to invalidate the new final rule. On February 22, 2022, the U.S. District Court for the Western District of Texas denied their much-watched emergency motion seeking to enjoin nationwide enforcement of the new final rule but did not issue a ruling on the merits, and the appeal remains pending in the Fifth Circuit. The results are apt to fuel additional litigation in 2023.

The ultimate result is apt to elucidate the limits of agency rule-making authority and test the impact of the U.S. Supreme Court’s recent ruling in West Virginia v. Environmental Protection Agency, 142 S.Ct. 2587 (2022). In that case, the Supreme Court considered the validity of the Environmental Protection Agency’s new Affordable Clean Energy (ACE) Rule that was promulgated under Clean Air Act (CAA). It held that, under the major questions doctrine, the agency must point to “clear congressional authorization” for the authority it claims. The government failed to offer such authorization, instead pointing to a “vague statutory grant” that the Supreme Court found “not close to the sort of clear authorization required by our precedents.” Id. at 2614.

The changing tide of the Biden Administration’s policies has been slow to impact other areas. Whereas the DOL acted swiftly to reverse course on many fronts, over most of the past year, the EEOC continued to operate with a Trump-appointed majority of commissioners.

During 2022, however, the EEOC continued to operate with a Trump-appointed majority of commissioners.  Although President Biden quickly named two Democrats for the five-member Commission, Charlotte E. Burrows and Jocelyn Samuels, as Chair and Vice Chair, respectively, the commission retained a Republican-appointed majority until former chair Janet Dhillon’s resignation on November 18, 2022. Although such expiration opened the door to a Democratic-appointed majority, the Senate has not yet confirmed a replacement.

As the DOL continued efforts to work an about-face on the rule-making front, the EEOC’s year-over-year activity remained fairly steady. During fiscal year 2022, the EEOC filed 94 lawsuits. The EEOC’s year-over-year activity remained fairly steady.  During fiscal year 2022, the EEOC filed 94 lawsuits, including 92 merits lawsuits and two subpoena enforcement actions.  This number marked a significant decrease from the filings during fiscal year 2021, when the EEOC filed 124 lawsuits, including 116 merits lawsuits. This year’s filing data more closely resembles fiscal year 2020, when the EEOC filed 97 total lawsuits, including 93 merits lawsuits.

Notably, the EEOC’s California district offices in San Francisco and Los Angeles combined for 13 filings this past year, which is identical to the combined 13 cases they filed in fiscal year 2021.

According to the EEOC, it filed 13 systemic lawsuits this past year, the same number it filed during fiscal year 2021.  The EEOC reported that it has 29 pending systemic cases, which accounted for 16% of the EEOC’s docket in fiscal year 2021. This data has not yet been published for fiscal year 2022.

In contrast, by the end of FY 2018, the EEOC had 71 systemic cases on its active docket, two of which included over 1,000 victims, and systemic cases accounted for 23.5% of its active lawsuits in that year, likely reflecting a stalling in the ability of its Democratic-appointment members to push this aspect of the EEOC’s agenda.

Comparing its monetary recovery to previous years, the EEOC recovered $535.5 million in all types of cases in FY 2020, $486 million in FY 2019, and $505 million in FY 2018.

In sum, whereas companies continued to see pro-business rules promulgated by the Trump Administration withdrawn and overwritten in 2022, courts continued to impose hurdles to agency rulemaking, the success of which will continue to be seen in 2023. Enforcement activity remained steady as political appointments remain pending.

Employers are apt to see increased activity in 2023 as the EEOC in particular gains its full component of Biden appointees and can exercise its majority power to advance its agenda.

 

Illinois Supreme Court Holds Five-Year Statute Of Limitations Applies To The BIPA

By Alex W. Karasik, Gerald L. Maatman, Jr., and Jennifer A. Riley

Duane Morris Takeaways:  In one of the most highly anticipated class action rulings in years, in Tims, et al. v. Black Horse Carriers, Inc., Case No. 127801 (Ill. Feb. 2, 2023), the Illinois Supreme Court held that a five-year statute of limitations applies to claims under the Biometric Information Privacy Act, 740 ILCS 14/15 (“the BIPA”).  This ruling adds to the risks for employers and companies who do business in Illinois in terms of BIPA class action exposures.

Given that the BIPA statute does not have an explicit statute of limitations, the Illinois Supreme Court’s ruling now provides clarity for litigants and attorneys in this space as to the scope of the putative classes in their lawsuits.

Case Background

In March 2019, Plaintiff filed a class action complaint alleging that Defendant violated the BIPA through its timekeeping practices that involved the scanning and storing of employees’ fingerprints.  Plaintiff asserted claims under three sub-sections of the law, including: (1) section 15(a) of the BIPA, for failing to institute, maintain, and adhere to a retention schedule for biometric data; (2) section 15(b) of the BIPA, which states that no private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person’s or a customer’s biometric identifier or biometric information without notice and consent; and (3) section 15(d) of the BIPA, which involves the unlawful disclosure or dissemination of biometric data without first obtaining consent.  Of note, section 15(c) of the BIPA prohibit the sale of a person’s biometric data for a profit, and section 15(e) of the BIPA imposes a duty of reasonable care in storing and protecting biometric data from disclosure.

On September 17, 2021, the Illinois Appellate Court held that hat a one-year limitations period pursuant to section 13-201 of the Illinois Code of Civil Procedure (the “Code”) governs actions under sections 15(c) and (d) of the BIPA, while a five-year statute of limitations pursuant to section 13-205 applies to sections 15(a), (b), and (e).  The Illinois Appellate Court explained that the BIPA imposes various duties that are separate and distinct from one another.  While each of the duties set forth under sections (a)-(e) “concern privacy,” the Appellate Court reasoned that a private entity could violate sections (a), (b), or (e) “without having to allege or prove that the defendant . . . published or disclosed any biometric data.” Tims v. Black Horse Carriers, Inc., 2021 IL App (1st) 200563, at ¶ 31 (1st Dist. Sept. 17, 2021)However, the “publication or disclosure of biometric data is clearly an element of an action under” sections 15(c) and (d). Id. at ¶ 32.  Accordingly, the Illinois Appellate Court applied the state’s one-year statute of limitations for right of privacy claims for sections (c) and (d), and applied the five-year “catch all” statute of limitations for sections (a), (b), and (e).

The Illinois Supreme Court’s Decision

On February 2, 2023, the Illinois Supreme Court affirmed in part and reversed in part the Illinois Appellate Court’s decision.  First, the Illinois Supreme Court notably opined that it, “agree[d] with the parties that the [A]ppellate [C]ourt erred in applying two different statutes of limitations to the Act.”  Tims, 2023 IL 127801, at ¶ 16.  It explained that one of the purposes of a limitations period is to reduce uncertainty and create finality and predictability in the administration of justice.  Id. at ¶ 20 (citations omitted).  The Illinois Supreme Court thus held that, “applying two different limitations periods or timebar standards to different subsections of section 15 of the Act would create an unclear, inconvenient, inconsistent, and potentially unworkable regime as it pertains to the administration of justice for claims under the Act.”  Id. at ¶ 21.

Having decided that a singular uniform statute of limitations should apply, the Illinois Supreme Court next analyzed whether the statute of limitations should be five years or one year.  Analyzing the plain language of the BIPA statute, the Illinois Supreme Court held that all five subsections of section 15 of the Act prescribe rules to regulate the collection, retention, disclosure, and destruction of biometric identifiers and biometric information.  Id. at ¶ 29.  In regards to the Illinois Appellate Court’s holding that section 15(a), 15(b), and 15(e) of the Act contained no words that could be defined as involving “publication,” the Illinois Supreme Court held that the Illinois Appellate Court correctly found that subsections (a), (b), and (e) are subject to the five-year “catchall” limitations period codified in section 13-205 of the Code. Id. at ¶ 30.

Turning to subsections (c) and (d), the Illinois Supreme Court acknowledged that the one-year statute of limitations could be applied.  Id. at ¶ 32.   However, the Illinois Supreme Court held that, “when we consider not just the plain language of section 15 but also the intent of the legislature, the purposes to be achieved by the statute, and the fact that there is no limitations period in the Act, we find that it would be best to apply the five-year catchall limitations period codified in section 13-205.  Id. at ¶ 30.  The Illinois Supreme Court explained that this outcome would further its goal of ensuring certainty and predictability in the administration of limitations periods that apply to causes of actions under the BIPA.  Id. at ¶ 32.  In support of its conclusion, the Illinois Supreme Court held that Illinois courts have routinely applied this five-year catchall limitations period to other statutes lacking a specific limitations period, such as the BIPA.  Id. at ¶ 34.

Finally, the Illinois Supreme Court examined the Illinois General Assembly’s goals in enacting the BIPA statute.  The Illinois Supreme Court opined that in light of the extensive consideration the General Assembly gave to the fears of and risks to the public surrounding the disclosure of highly sensitive biometric information, “it would thwart legislative intent to (1) shorten the amount of time an aggrieved party would have to seek redress for a private entity’s noncompliance with the Act and (2) shorten the amount of time a private entity would be held liable for noncompliance with the Act.”  Id. at ¶ 39. The opinion also noted that defamation torts such as libel and slander are subject to a short limitations period because aggrieved individuals are expected to quickly become apprised of the injury and act quickly when their reputation has been publicly compromised, while it would be uncertain as to whether an individual would ever become aware of their biometric being improperly disclosed or misappropriated.  Id.

The Illinois Supreme Court concluded its opinion by holding that the five-year limitations period contained in section 13-205 of the Code controls claims under the BIPA.  Therefore, the Illinois Supreme Court affirmed in part and reversed in part the judgment of the Appellate Court, and remanded the cause to the Circuit Court for further proceedings.

Implications For Employers

This decision is unsurprising given the public policy behind the law and the growing importance of privacy.  The five-year statute of limitations serves to increase BIPA class action litigation exposure.

Companies can expect more BIPA-related rulings in the near term. The Illinois Supreme Court is due to issue its decision in Cothron v. White Castle System, Inc., No. 1280004 (Ill.), which will decide whether each fingerprint scan is its own discrete violation.  An adverse finding in Cothron could enhance BIPA class action exposures.

If employers have not already done so, now is time to make sure their timekeeping procedures and consent policies are legally compliant. The Tims ruling is apt to increase the plaintiff class action bar’s appetite for BIPA claims, so it is more important than ever for employers to make sure their procedures are legally sound.

DMCAR Trend #4 – The Likelihood Of Class Certification In 2022 Was As Strong As Ever

By Gerald L. Maatman, Jr. and Jennifer A. Riley

Duane Morris Takeaway: In 2022, the plaintiffs’ class action bar succeeded in certifying class actions at a high rate. Across all major types of class actions, courts issued rulings on 360 motions to grant or to deny class certification in 2022. Of these, plaintiffs succeeded in obtaining or maintaining certification in 268 rulings, an overall success rate of nearly 75%.

The number of motions that courts considered varied significantly by subject matter area, and the number of rulings they issued varied accordingly. The following summarizes the results in each of 10 key areas:

Securities Fraud – 96% granted / 4% denied
Data Breach – 50% granted / 50% denied
Employment Discrimination – 53% granted / 47% denied
ERISA – 78% granted / 22% denied
RICO – 45% granted / 55% denied
TCPA – 67% granted / 33% denied
WARN – 100% granted / 0% denied
FLSA (Conditional Certification) – 82% granted / 18% denied FLSA (Decertification) – 50% granted / 50% denied
Antitrust – 37% granted / 63% denied
Products Liability / Mass Torts – 69% granted / 31 % denied

The plaintiffs’ class action bar obtained the highest rates of success in securities fraud, ERISA, WARN, and FLSA actions. In cases alleging securities fraud, plaintiffs succeeded in obtaining orders certifying classes in 23 of the 24 rulings issued during 2022, a success rate of 96%. In ERISA litigation, plaintiffs succeeded in obtaining orders certifying class in 18 of 23 rulings issued during 2022, a success rate of 78%. In cases alleging WARN violations, plaintiffs managed to certify classes in 100% of the suits that resulted in decisions this year.

As to the FLSA, plaintiffs achieved a high rate of success on motions for conditional certification, and they also received a high number of rulings that dwarfs the number of other rulings by a substantial margin. In 2022, courts issued more certification rulings in FLSA collective actions than in any other type of case. The ease by which plaintiffs can obtain conditional certification surely contributes to the allure of that space to members of the plaintiffs’ bar. The plaintiffs’ bar has succeeded in gaining conditional certification in FLSA matters at a high rate year over year, contributing to the volume of filings in this area.

In 2022, courts considered more motions for certification in FLSA matters than in any other substantive area. Overall, courts issued 236 rulings. Of these, 219 addressed first-stage motions for conditional certification of collective actions under 29 U.S.C. § 216(b), and 18 addressed second-stage motions for decertification of collective actions. Due to the low burden at the conditional certification stage, plaintiffs historically have enjoyed a high rate of success on such motions. Rulings in 2022 was no exception. Of the 219 rulings that courts issued on motions for conditional certification, 180 rulings favored plaintiffs, for a success rate of 82%. Such rate is in line with and slightly higher than the historic rate of success that plaintiffs have achieved with respect to such motions.

At the decertification stage, courts generally have conducted a closer examination of the evidence and, as a result, defendants historically have enjoyed an equal if not higher rate of success on these second-stage motions as compared to plaintiffs. Again, 2022 was no exception. Of the 18 rulings that courts issued on motions for decertification of collective actions, 9 rulings favored defendants, for a success rate of 50%. Such rate again is in line with the historic rate of success that defendants have achieved at the decertification stage.

An analysis of these rulings, provided in Chapter 13, demonstrates that a disproportionate number of these rulings emanated from pro-plaintiff jurisdictions, including the judicial districts within the Second (33 decisions) and Ninth Circuits (19 decisions), which include California and New York, respectively. Similar to recent years, however, the number of rulings emanating from the Sixth Circuit (36 decisions) proved as high if not higher than the number of rulings in these traditional pro-plaintiff forums.

The following graph illustrates these variations:

These numbers no doubt flow from the different standards by which courts in different circuits evaluate motions for conditional certification and decertification and, in turn, the likelihood of plaintiffs’ success on such motions in these areas. Various factors discussed in this Review could impact these trends in 2023. If, for instance, the Sixth Circuit joins the Fifth Circuit in abandoning the two-step certification process, and thereby increases the time and expense of gaining a conditional certification order, it may lead to a reshuffling of the deck in terms of where plaintiffs seek to pursue cases.

Delaware Says Corporate Officers Are Now Subject To A Duty Of Oversight In The Workplace Harassment Context

By Rebecca Bjork, Gerald L. Maatman, Jr., and Jennifer A. Riley

Duane Morris Takeaways: In a new legal development of significant import, employees of corporations incorporated in Delaware who serve in officer roles may be sued for breach of the duty of oversight in the particular area over which they have responsibility, including oversight over workplace harassment policiesIn its ruling in In Re McDonald’s Corp. Stockholder Derivative Litigation, No. 2021-CV-324 (Del. Ch. Jan. 25, 2023), the Delaware Court of Chancery determined that like directors, officers are subject to oversight claims.  This decision expands upon the rule established in the case of In Re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996), which recognized the duty of oversight for directors. The decision will likely result in a flurry of litigation activity by the plaintiffs’ bar, as new cases will be filed alleging that officers in corporations who were responsible for overseeing human resource functions can be held liable for failing to properly oversee investigations of workplace misconduct such as sexual harassment.    

Introduction

On January 25, 2023, the Court of Chancery for the State of Delaware issued a ruling that will have a substantial impact on shareholder derivative lawsuits, especially as they implicate allegations of workplace harassment.  For the first time, corporate officers may be held liable for breach of the fiduciary “duty of oversight.”  This ruling is likely to result in a multitude of court filings as the contours of this new legal rule are tested in litigation filed by plaintiffs’ attorneys.  This represents yet another reason for companies to boost their efforts at corporate compliance and to ensure that robust complaint reporting and investigation systems are in place to protect employees who claim they are victims of discrimination, sexual harassment, and retaliation.

The Facts Underlying The Delaware Ruling

In In Re McDonald’s Corp. Stockholder Derivative Litigation, No. 2021-CV-324 (Del. Ch. Jan. 25, 2023), the Court found that Defendant David Fairhurst, who served as Executive Vice President and Global Chief People Officer of McDonald’s Corporation from 2015-2019, was liable to stockholders of McDonald’s for his failure to fulfill his fiduciary duty to fulfill his oversight role over human resource practices and policies.  As the Court explained, Fairhurst “breached his fiduciary duties by allowing a corporate culture to develop that condoned sexual harassment and misconduct” and “breached his duty of oversight by consciously ignoring red flags.”  (Slip Op. at 1.)  The Court therefore denied Fairhurst’s motion to dismiss, clarifying that under the logic of Caremark, Delaware law does recognize a duty of oversight for corporate officers.

To prevail in their claims against Fairhurst, the plaintiffs had a legal challenge to surmount, in that no court had found that officers as opposed to directors had a duty of oversight in light of misconduct within a corporation.  Even more, Delaware law presumes that directors and officers act in good faith when making decisions. Id. at 3.  But the plaintiffs did have sufficient and specific facts on their side, which the Court discussed in detail.

McDonald’s has its principal place of business in Chicago, Illinois, and has a global workforce that exceeds 200,000 individuals.  Id. at 5-6.  The Complaint alleged that the Chicago headquarters of the Company had a “party atmosphere” that was encouraged by former CEO Stephen J. Easterbrook and Fairhurst, who were close personal friends. Id. at 7.  Weekly happy hours featured an open bar, and “Easterbrook and Fairhurst developed reputations for flirting with female employees, including their executive assistants.”  Id.  Importantly, the plaintiffs alleged that the process for reporting human resource complaints (a company function directly under Fairhurst’s control) failed to address complaints sufficiently.  Between 2016 and 2018, more than a dozen complaints were filed with the EEOC by employees who alleged sexual harassment and retaliation.  Id. at 8.  In December 2018, McDonald’s employees in ten cities went on strike in protest, attracting the attention of the U.S. Senate.  Id. at 8-9, 12.

Plaintiffs also alleged that Fairhurst engaged in acts of sexual harassment in December 2016 and November 2018, and was warned about his use of alcohol at company events.  Id.  He was terminated in November 2019 after committing yet another act of sexual harassment. Id.   And in October 2019, the Board of Directors learned that Easterbrook was engaging in a prohibited relationship with an employee, and he was terminated after an investigation by outside counsel.  Id. at 15.

The crux of the reasoning behind the Court’s ruling is that an officer of a corporation has a fiduciary duty to oversee the corporation’s activities that fall within his or her role in the corporation.  As the Global Chief People Officer at McDonald’s, the Court opined that “[Fairhurst] had an obligation to make a good faith effort to put in place reasonable information systems so that he obtained the information necessary to do his job and report to the CEO and the board, and he could not consciously ignore red flags indicating that the corporation was going to suffer harm.”  Id. at 3.  Simply put, his human resources role required that he act in good faith to maintain an awareness of potential liability resulting from improper workplace conduct, and the Court found that he did not do so. “Corporate fiduciaries can face liability if they knowingly fail to adopt an internal information and reporting system that is ‘reasonably designed to provide to senior management and to the board itself timely, accurate information sufficient to allow management and the board, each within its scope, to reach informed judgments concerning both the corporation’s compliance with law and its business performance.’” Id. at 24 (citation omitted).  Because plaintiffs pled specific facts sufficient to allege that Fairhurst ignored red flags surrounding sexual harassment and the Company’s failed complaint system, the Court denied Fairhurst’s motion to dismiss.

Conclusion

While the Court’s decision is notable because it established a new fiduciary duty applicable to corporate officers, it is not a surprising outcome.  The logic of Caremark leads inevitably to this decision, once it is established that corporate officers have real power and obligations within a corporation to manage risk.  Because workplace harassment and retaliation claims pose very high risks to a corporation, it is to be expected that an officer responsible for the human resource function will come under strong scrutiny when EEOC charges and lawsuits are filed.  The best defense to a high stakes workplace lawsuit is to prevent it from being filed in the first place.  Ensuring that the proper systems for reporting and investigating workplace complaints are in place is by far preferable to litigating a case like this one.

DMCAR Trend #3 – The Arbitration Defense Suffered Setbacks In 2022

By Gerald L. Maatman, Jr. and Jennifer A. Riley

Duane Morris Takeaway: Of all defenses, a defendant’s ability to enforce an arbitration agreement containing a class or collective action waiver may have had the single greatest impact in terms of shifting the pendulum of class action litigation. With its decision in Epic Systems Corp. v. Lewis, et al., 138 S. Ct. 1612 (2018), the U.S. Supreme Court cleared the last hurdle to widespread adoption of such agreements. In response, more companies of all types and sizes updated their onboarding materials, terms of use, and other types of agreements to require that any disputes be resolved in arbitration on an individual basis. To date, companies have enjoyed a high rate of success enforcing those agreements and using them to thwart class actions out of the gate.

Statistically, corporate defendants fared well in asserting the defense. Across various areas of class action litigation, the defense won approximately 68% of motions to compel arbitration (roughly 69 motions granted in 102 cases).

By almost any measure, the arbitration defense had a tumultuous year in 2022. In the courts, chinks in the armor of the defense began to grow. While the U.S. Supreme Court shut down state efforts to evade arbitration of wage and hour claims, as discussed above, it limited application of the FAA to workers who participate in interstate transportation. Perhaps more significantly, on the legislative front, Congress significantly limited the availability of arbitration for cases alleging sexual harassment or sexual assault when it passed the Ending Forced Arbitration of Sexual Assault and Sexual Harassment Act. President Biden signed the Act into law on March 3, 2022.

The Act amends the FAA and provides a plaintiff the discretion to enforce pre-dispute arbitration provisions and class and collective action waivers in cases where he or she alleges “conduct constituting a sexual harassment dispute or a sexual assault dispute” or is “the named representative of a class or in a collective action alleging such conduct.” In other words, whereas the Act does not render such agreements invalid, it allows the party bringing sexual assault or sexual harassment claims to elect to enforce them or avoid them. The Act does not impact agreements entered into after a dispute arises.

The plaintiffs’ bar often alleges other claims along with claims for sexual assault or sexual harassment. Whereas the Act refers to a “case,” it remains to be seen whether courts will attempt to limit a plaintiff’s option to avoid pre-dispute arbitration to sexual assault or sexual harassment claims or will extend such option to all claims at issue in a case. The Act provides that “no pre-dispute arbitration agreement or pre-dispute joint-action waiver shall be valid or enforceable with respect to a case which is filed under Federal, Tribal, or State law and relates to the sexual assault dispute or the sexual harassment dispute.” To date, courts have not issued significant decisions interpreting such language.

Given the impact of the arbitration defense, in 2023, companies may face additional hurdles, on the judicial or the legislative front, as the plaintiffs’ bar continues to look for workarounds. In particular, we expect to see litigation over whether the Act’s use of the word “case” renders the statute applicable to all claims in the case, including claims other than sexual harassment and sexual assault and whether the statute, therefore, will allow for a broader shield to the arbitration defense.

Defendants Lose Motion To Dismiss Antitrust Class Action Over No Poach Claims

By Gerald L. Maatman, Jr., Jennifer A. Riley, and Michael DeMarino

Duane Morris Takeaways – In Borozny, et al, v. Raytheon Technologies Corp, Pratt & Whitney Division et al, No. 3:21-CV-1657, 2023 WL 348323 (D. Conn. Jan. 20, 2023), Judge Sarala Nagala of the U.S. District Court for the District of Connecticut declined to dismiss private civil class action claims against Raytheon’s Pratt & Whitney division, a leading manufacturer of civil and military airline engines, and the other defendants named as outsource suppliers for skilled aerospace labor. The decision in Borozny is an important one for companies because it serves as a reminder that even agreements to restrain trade amongst non-competitors can be treated as a per se antitrust violation and thus make it easier for Plaintiffs to obtain Rule 23 class certification.

Background Of The Case

In Borozny, et al, v. Raytheon Technologies Corp – an antitrust putative class action – eight named Plaintiffs alleged, on behalf of themselves and others similarly situated, that six corporate Defendants engaged in a conspiracy to restrain trade in violation of Section 1 of the Sherman Act, 15 U.S.C. § 1, by secretly agreeing to restrict their competition in the recruitment and hiring of aerospace engineers and other skilled workers in the jet propulsion systems industry.

Specifically, Plaintiffs alleged that Defendants’ alleged conspiracy not to hire or recruit each other’s employees was kept secret from Defendants’ employees due to its illegality and negative impact on the compensation and career options of Defendants’ employees. Plaintiffs further alleged that once any Defendant hired any aerospace worker, no other Defendant could recruit or hire that same employee, and that this agreement allowed Defendants to artificially suppress the market rate for aerospace workers. According to Plaintiffs, this alleged conspiracy impacted the market for aerospace workers by suppressing labor competition and, in turn, compensation.

Defendants moved to dismiss the complaint, arguing that that Plaintiffs had failed to allege conduct that is appropriately deemed a per se antitrust violation and failed to plead an alternative rule of reason claim.  The Court denied Defendants’ moutons to dismiss.

The Court’s Ruling

Defendants moved to dismiss the Complaint on the basis that it failed to allege a per se antitrust violation and also failed to allege in the alternative a rule of reason violation.  Defendants’ core contention was that they had a vertical, rather than a horizontal, relationship with each other, such that any agreements amongst them cannot be per se violations of the Sherman Act.  As the Court, explained, “the difference between a horizontal restraint on trade and a vertical restraint on trade is that . . . [r]estraints imposed by agreement between competitors have traditionally been denominated as horizontal restraints, and those imposed by agreement between firms at different levels of distribution as vertical restraints.”’ Id. at *6.

The Court rejected Defendants’ argument, and agreed with Plaintiffs that Defendants were focusing on the “wrong market.”  Id. The Court opined that the relevant market is not, as Defendants suggested, the market for aircraft engines or the “greater aerospace industry at large,” but rather the labor market for aerospace workers.

Because the complaint alleged a “conspiracy to restrain competition in the aerospace labor market” the Court concluded that “all Defendants . . . participate in that market horizontally, and they are all alleged to have participated in the market division conspiracy horizontally, and thus, per se treatment could be appropriate.”  Id. at *7.

The Court similarly concluded that Plaintiffs sufficiently alleged a rule of reason violation. To state a claim for a rule of reason violation, Plaintiffs must “allege[s] a plausible relevant market in which competition will be impairedand an adverse impact on that market.  Id. at *8.  Plaintiffs alleged that they could not easily transition to work outside of aerospace engineering firms, given the specialized training they obtained by working for Defendant.  Based on these allegations, the Court found “it reasonable, at least for purposes of a motion to dismiss, for Plaintiffs to limit the proposed market to the aerospace industry and to exclude other potential positions for people with Plaintiffs’ qualifications.”  Id.  As such, the Court held that Plaintiffs adequately alleged a plausible market for purposes of alleging a rule of reason violation.

The Court also concluded that Plaintiffs had alleged an adverse impact on the relevant market. Plaintiffs alleged that the agreement not to hire each other’s employees allowed Defendants to keep wages artificially low, due to the decreased competition in the market for aerospace workers. The Court found these allegations, “adequately stated an effect on the market.”  Id. at *13. Thus, the Court concluded that “Plaintiffs have adequately, although inartfully, pleaded an antitrust claim under the rule of reason.” Id.

On these bases, the District Court denied Defendants’ motions to dismiss.

Implications For Companies Facing Antitrust Class Actions

The ruling in Borozny highlights the ongoing battle in antitrust no-poach class actions to plead a per se violation. Indeed, in the class action context, whether the court analyzes the no-poach agreements under the per se or rule of reason test is often the critical issue driving the outcome of whether plaintiffs can satisfy Rule 23’s class certification requirements. This is because a per se violation (unlike a rule of reason violation) relieves a plaintiff from having to define the market where antitrust harm occurred, which often involves individualized inquiries that overwhelm the commonality necessary for class certification.

Employers should understand that their risk for no-poach claims extends broader than a potential alleged conspiracy with their competitors.  Borozny is a reminder that even agreements amongst non-competitors in vertical relationships (i.e., at different levels of the market structure) can be treated as a per se violation if they are horizontal competitors in the labor market.  Corporate defendants are well-advised to analyze and vet their vendor agreements and staffing contracts to look for potential restraints on competition.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.

Proudly powered by WordPress