Class Action Defense

By Gerald L. Maatman, Jr. and Tyler Z. Zmick

Duane Morris Takeaways:  In Colombo v. YouTube, LLC, et al., No. 22-CV-6987, 2023 WL 4240226 (N.D. Cal. June 28, 2023), the U.S. District Court for the Northern District of California issued a decision embracing a broad interpretation of the data types that are within the scope of the Illinois Biometric Information Privacy Act (“BIPA”).  The decision puts businesses on notice that the statute may apply to the collection or possession of any “scan of face geometry,” regardless of whether the scan can be used to identify a specific individual – – in other words, a “biometric identifier” under the BIPA need not be capable of “identifying” a person.  Colombo v. YouTube, LLC is required reading for corporate counsel facing privacy class action litigation.

Background

Plaintiff’s BIPA claims were premised on two YouTube video editing tools that allegedly resulted in the collection of his “biometric identifiers” and “biometric information” (collectively, “biometric data”) – YouTube’s (1) “Face Blur” tool and (2) “Thumbnail Generator” tool.  Id. at 2-3. According to Plaintiff, the “Face Blur” tool enables a user to select faces appearing in videos uploaded by the user that he or she may wish to “blur,” resulting in those faces appearing blurry and unrecognizable to any viewer of the videos.  Plaintiff claimed that when someone uses the tool, YouTube scans the uploaded video “to detect all unique faces” and, in doing so, “captures and stores scans of face geometry from all detected faces, creating a unique ‘faceId’ for each.”  Id. at 2 (citation omitted).

Regarding YouTube’s “Thumbnail Generator” feature, Plaintiff described the tool as auto-generating photographic thumbnails (i.e., screenshots from an uploaded video) by scanning videos for faces at the time they are uploaded and using the “face data to auto-generate thumbnails that contain faces.”  Id. (citation omitted).

Based on his alleged use of these two YouTube tools, Plaintiff alleged that YouTube violated Sections 15(a) and 15(b) of the BIPA by (i) failing to develop and comply with a written policy made available to the public establishing a retention policy and guidelines for destroying biometric data, and (ii) collecting his biometric data without providing him with the requisite notice and obtaining his written consent.

YouTube moved to dismiss on three grounds, arguing that: (1) Plaintiff failed to allege that data collected by YouTube qualifies as “biometric data” under the BIPA because YouTube did not (and could not) use the data to identify Plaintiff or others appearing in uploaded videos; (2) Plaintiff’s claims violated Illinois’s extraterritoriality doctrine and the dormant Commerce Clause; and (3) Plaintiff failed to allege that he was “aggrieved” for purposes of his Section 15(a) claim.

The Court’s Decision

The Court denied YouTube’s motion to dismiss on all three grounds.

“Biometric Identifiers” And “Biometric Information”

YouTube first argued that Plaintiff failed to allege that data collected through the Face Blur and Thumbnail Generator tools qualify as “biometric data” under the BIPA because Plaintiff did not plausibly allege that YouTube could use the data to affirmatively identify Plaintiff or other individuals.  See id. at 4 (“In YouTube’s view, biometric identifiers must identify a person and biometric information must actually be used to identify a person.”).

The Court rejected YouTube’s argument, stating that “[t]he “point is not well taken.”  Id.  The Court noted the statute’s definition of “biometric identifier” as “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry,” see 740 ILCS 14/10 – a definition that does not explicitly require that the listed data points be capable of identifying a particular person.  While the Court acknowledged that the term “identifier” may suggest that the data must be used to identify a person, the Court also opined that “‘[w]hen a statute includes an explicit definition, we must follow that definition,’ even if it varies from a term’s ordinary meaning.”  Id. at 4 (citation omitted); see also id. at 5 (“[T]he Illinois legislature was perfectly free to define ‘biometric identifier’ in a specific manner that is not tethered to the plain meaning of the word ‘identifier’ alone.”).

Extraterritoriality & Dormant Commerce Clause

The Court also rejected YouTube’s arguments that Plaintiff failed to allege that YouTube’s relevant conduct occurred “primarily and substantially” in Illinois, and Plaintiff’s interpretation of the BIPA would run afoul of the dormant Commerce Clause.

The Court held that Plaintiff sufficiently alleged that YouTube’s conduct occurred “primarily and substantially” in Illinois, thereby satisfying the extraterritoriality doctrine.  Id. at 5. Responding to YouTube’s argument that the company’s headquarters and data servers are located outside of Illinois, the Court stated that those facts are “not dispositive” and that “[m]aking the geographic coordinates of a server the most important circumstance in fixing the location of an Internet company’s conduct would . . . effectively gut the ability of states without server sites to apply their consumer protection laws to residents for online activity that occurred substantially within their borders.”  Id. at 6 (citation omitted).

Using the same reasoning, the Court concluded that “YouTube’s dormant Commerce Clause theory fares no better” because YouTube’s allegedly BIPA-violating conduct “cannot be understood to have occurred wholly outside Illinois,” id. at 7 (citation omitted) – i.e., Plaintiff’s claims were based on the application of an Illinois law to Illinois-based YouTube users.

Whether Plaintiff Is “Aggrieved” Under Section 15(a)

Finally, the Court rejected YouTube’s argument that Plaintiff failed to allege that he was “aggrieved” under Section 15(a), which sets forth two requirements for entities in possession of biometric data: (i) to develop a publicly available BIPA-compliant retention policy; and (ii) to comply with that policy.  YouTube argued that Plaintiff failed to allege that he was aggrieved under Section 15(a) because he did not claim that YouTube failed to comply with an existing retention policy as to his biometric data (e.g., that three years had passed since his last interaction with YouTube, yet YouTube had failed to destroy his biometric data).

The Court observed, however, that Plaintiff alleged that YouTube failed to develop and “therefore failed to comply with any BIPA-compliant policy,” which “is enough to move forward . . . [a]t the pleadings stage.”  Id. at 8 (emphasis added) (citation omitted).

Implications For Corporate Counsel

Colombo can be added to the list of recent plaintiff-friendly BIPA decisions, as it endorses an expansive view of the types of data that constitute “biometric data” under the statute.  Indeed, the Colombo ruling suggests that any data that can be characterized as a “scan of face geometry” – regardless of whether the scan can be linked to a specific person to identify him or her – qualifies as a “biometric identifier” within the BIPA’s scope.  Put another way, technology capable of only detecting a category of objects or characteristics in a photo or video (e.g., software that identifies the location of a human face in a photo – as opposed to an arm or leg – without being able to link that face to a specific person) may involve data subject to regulation under the BIPA.

By Gerald L. Maatman, Jr. and Rebecca S. Bjork

Duane Morris Takeaways: On June 29, 2023, the U.S. Supreme Court ruled that colleges and universities may not consider the race of applicants when making admissions decisions.  In Students for Fair Admissions, Inc. v. President and Fellows of Harvard College, No. 20-1199 (U.S. June 29, 2023), Chief Justice Roberts wrote the majority opinion in a 6-3 ruling joined by Justices Thomas, Alito, Gorsuch, Kavanaugh and Barrett.  The Supreme Court held that affirmative action programs at Harvard and the University of North Carolina-Chapel Hill violated the Equal Protection Clause of the Fourteenth Amendment to the U.S. Constitution.  The decision, which is 237 pages in length, including concurring and dissenting opinions, opens the door for legal challenges to be brought to employers’ diversity, equity and inclusion efforts because the Supreme Court’s reasoning – that race-conscious admissions policies may constitute unconstitutional differential treatment of individuals based on race – arguably applies to hiring and promotion decisions made within business organizations. 

Case Background

The lawsuit that led to the Harvard decision was filed in the U.S. District Court for the District of Massachusetts by Students for Fair Admissions, Inc. (SFAA), a legal organization created to bring federal court challenges to affirmative action in college and university admissions.  In 2014, SFAA sued both Harvard and UNC in separate lawsuits, arguing that their race-conscious admissions policies violated Title VII of the Civil Rights Act and the Fourteenth Amendment’s Equal Protection Clause.  Id. at 6.  The First Circuit had affirmed a trial judgment in Harvard’s favor, while the Fourth Circuit was considering an appeal of the UNC case when the Supreme Court granted certiorari in the Harvard case and brought the UNC case into its writ to be decided alongside it.

The Supreme Court’s Decision

After determining that SFAA had standing to bring its lawsuits, the majority turned to analyzing the merits.  It focused on the Fourteenth Amendment in light of prior decisions relating to education, beginning with the holding in Brown v. Board of Education that “racial discrimination in public education is unconstitutional.”  Id. at 13.  After reviewing decades of case law following in the footsteps of Brown, the majority concluded that “[e]liminating racial discrimination means eliminating all of it.”  Id. at 15.  The majority discussed the application of the strict scrutiny test that courts apply to determine whether an exception can be made to the constitutional requirement of equal protection and analyzed how prior decisions regarding affirmative action considered the facts at hand in applying that test.  Citing Regents of the University of California v. Bakke, 438 U.S. 265 (1978), Grutter v. Bollinger, 539 U.S. 306 (2003), and Fisher v. University of Texas at Austin, 570 U.S. 297 (2013) – the latter of which was also brought by the founder of SFAA – the majority examined these prior rulings in detail.  The majority asserted that in Fisher, the Supreme Court made it clear that while colleges and universities could consider race in admissions decisions, the process must have “a termination point,” “have reasonable durational limits,” “must have ‘sunset provisions’” and “must have a logical end point.”  Id. at 21.

The majority concluded that the end point has now been reached, deciding that both Harvard’s and UNC’s admissions policies that took race into consideration were unconstitutional because the operations of those programs do not create outcomes that are “sufficiently measurable to permit judicial [review].”  Id. at 22.  For example, Harvard’s stated purposes for using race-conscious admissions processes included “training future leaders in the public and private sectors,” “preparing graduates to adapt to an increasingly pluralistic society,” “better educating its students through diversity,” and “producing new knowledge stemming from diverse outlooks.”  Id. at 23.  The majority held that those objectives “are not sufficiently coherent for purposes of strict scrutiny.”  Id.

Independently, the majority held that the programs violated equal protection principles based on statistics showing that Harvard’s consideration of race in admissions led to an 11/1% decline in the number of Asian-Americans admitted to the prestigious college.  Id. at 27.  This led the majority to conclude that an individual’s race is, by effect, a negative factor in the admissions process, which violates the rules set forth in the earlier affirmative action cases in higher education discussed in the ruling.  Id.

Finally, the majority expressed a caveat to its ruling forbidding the use of race-conscious processes in admissions.  It wrote that “nothing in this opinion should be construed as prohibiting universities from considering an applicant’s discussion of how race affected his or her life, be it through discrimination, inspiration, or otherwise.”  Id. at 39.  Time will tell whether this creates a loophole in the majority’s decision, but it clearly will encourage further litigation in the future in this area of the law, as college admissions officials grapple with how to consider and weigh the impact of such admissions essays submitted by prospective students.

As expected, the dissenting Justices Sotomayor and Jackson wrote impassioned dissents, and Justice Sotomayor read hers from the bench, in terms of signaling its importance.  They maintained that the Fourteenth Amendment itself is not race-neutral; it was drafted at the end of the Civil War precisely to provide race-based relief to former enslaved persons seeking to enter civic and commercial society.  For these reasons, they contended that, to hold that its application requires a form of color-blindness, is in conflict with the amendment itself.  And they expressed concern that students who are members of historically disadvantaged racial groups will find it increasingly difficult to get ahead of their non-minority peers as a result of the majority’s ruling.

Implications For Employers

While one would not normally think that a decision relating to university admissions processes would implicate how employers hire and evaluate employees, in this case it does.  Media outlets have already reported that attorneys are preparing challenges to employers’ diversity, equity and inclusion programs, applying the same Fourteenth Amendment analysis outlined in the Supreme Court’s decision in Harvard.  As such, legal department leaders in corporate America should pay attention and be aware of how this decision poses litigation risks to their businesses.

By Gerald L. Maatman, Jr., Gregory Tsonis, and Shaina Wolfe

Duane Morris Takeaways – Recently, the Illinois General Assembly made substantial modifications to Illinois’ Day and Temporary Labor Services Act (820 ILCS 175/). The legislation drastically alters the legal landscape for staffing agencies and their clients.  These amendments, codified in HB2862, were passed on May 19, 2023, and presented to the Governor for signing on June 16, 2023.  Absent a veto, the law will automatically come into effect upon the date of the Governor’s approval or no later than August 15, 2023, if no action is taken. The alterations made to the Act are significant and present considerable implications for staffing agencies that employ or utilize day or temporary laborers, as well as their customers.  The changes to the Act impose increased obligations and require unprecedented information-sharing between staffing agencies and their customers to ensure compliance with the new requirements.  When paired with increased penalties and a third-party enforcement mechanism, staffing agencies and their customers face substantially increased regulatory and compliance burdens and vastly increased exposure to monetary penalties and litigation.

An Overview Of The Changes

The proposed changes can be grouped into various categories, each with its unique impact on staffing agencies and their customers. One element that has not changed, however, is the definition of “day and temporary labor,” which remains defined as “work performed by a day or temporary laborer at a third party client,” but excluding work “of a professional or clerical nature.” 820 ILCS 175/5.  The amended Act contains the several significant modifications.

Equivalent Compensation And Benefits

The new legislation requires that day and temporary laborers assigned to a client for more than 90 calendar days must receive equal compensation and benefits (“equal pay for equal work”) as their counterparts directly employed by the client.  The requisite equal pay and benefits to qualifying temporary laborers must, at a minimum, match the least paid direct hire at the same seniority level, performing work of a substantially similar nature under substantially similar working conditions.  The staffing agency may, in lieu of benefits to a temporary worker, choose to compensate the worker with the cash equivalent of those benefits.  In instances where there is no direct hire for comparison, the temporary worker should be paid an equivalent salary and receive the same benefits as the lowest-paid employee at the nearest level of seniority.  Furthermore, if a staffing agency requests it, a client company is obligated to supply the staffing agency with all relevant information regarding the job roles, pay, and benefits of directly hired employees.

These changes present significant challenges for staffing agencies and their customers alike.  The revised legislation, for example, does not define what “benefits” fall within the Act and which must be provided to qualifying temporary workers and what impact, if any, the staffing agencies’ benefit plans offered to workers have on the requisite compensation.  Client companies must provide staffing agencies with the necessary information as to “job duties, pay, and benefits” or risk committing a violation of the Act punishable by a $500 penalty and attorneys’ fees and costs.  As a result, the uncertainty injected by the new requirements presents several practical challenges to staffing agencies and client companies alike.

Disclosure Of Labor Disputes

The revised Act requires staffing agencies to inform laborers, before dispatch, if they will be working at a site currently experiencing “a strike, a lockout, or other labor trouble.”  820 ILCS 175/11.

The notice to the temporary worker must be in a language that the worker understands and must inform the worker of the dispute and the worker’s right to refuse the assignment “without prejudice to receiving another assignment.”  The phrase “other labor trouble” is undefined in the revised Act, further inserting ambiguity and uncertainty for staffing agencies in compliance with the proposed law.

Safety Inquiries And Training

The amendments also introduce considerable new safety-related responsibilities for both staffing agencies and their client companies.

Prior to assigning a temporary worker, a staffing agency is obligated to inquire into the safety and health practices of the client company, inform the temporary worker about known job hazards, offer general safety training about recognized industry hazards, and document this training. In addition, the agency should give a general overview of its safety training to the client company at the onset of placement, provide temporary workers with the Illinois Department of Labor’s hotline for reporting safety concerns, and instruct the temps on whom to report safety issues to in the workplace.

Simultaneously, client companies are also compelled to adhere to several new safety-related requirements before a temporary worker begins work.  Client companies must disclose any anticipated job hazards, review the safety and health awareness training received by the temporary workers from their staffing agencies to ensure its relevance to their specific industry hazards, offer specific worksite hazard training, and maintain records of such training.  These records must also be confirmed to the staffing agency within three business days of the training completion. If a temporary worker’s role is altered, the company must provide updated safety training to cover any specific hazards of the new role.  In addition, client companies must grant staffing agencies access to the worksite to verify the training and information given to temporary workers.

Increased Fees And Penalties

Under the revised law, fees charged to staffing agencies for registration with the Illinois Department of Labor have increased.  Penalties for staffing agencies and client companies in violation of notice requirements have also seen a substantial increase, and now range from $100 to $18,000 per first violation (up from $6,000) and $250 to $7,500 for repeat violations within three years (up from $2,500).  Distinct violations may be found on the basis of the type of violation, the day on which the violations occurred, or even each worker impacted by a violation, thereby drastically increasing exposure to staffing agencies and their client companies.

The Illinois Attorney General may even request that a court suspend or revoke the registration of a staffing agency for violating the Act or when warranted by public health concerns.

Third-Party Enforcement

The amendments also provide third-party organizations – defined as any entity “that monitors or is attentive to compliance with public or worker safety laws, wage and hour requirements, or other statutory requirements” – with the power to initiate civil actions to enforce compliance with the Act.

Notably, these “interested parties” can bring suit against staffing agencies and/or their customers if they merely hold a “reasonable belief” that a violation of the Act has occurred in the preceding three years.  As a prerequisite to filing suit, these organizations must first file a complaint with the Illinois Department of Labor, which provides notice to the staffing agency or client of the complaint.  However, regardless of whether the Department of Labor finds the complaint without merit, or even if the violation is cured, the interested party can still receive a right to sue notice and proceed with litigation.  A prevailing party in litigation is entitled to 10% of any assessed penalties, as well as attorneys’ fees and costs.

Implications For Employers

The modifications to the Day and Temporary Labor Services Act present several potential complications and ambiguities for staffing agencies as well as their customers.  Notably, the requirement of equal pay for equal work, after a laborer has been with a client for over 90 days, creates substantial issues in what constitutes “equal work,” “equal pay,” and which benefit programs fall within the compensation requirements.   Moreover, the provision permitting staffing agencies to pay the hourly cash equivalent of the actual cost benefits in lieu of the required benefits further muddies the waters and requires unprecedented information-sharing between staffing agencies and their clients.  Staffing agencies’ obligation to inform temporary workers of “other labor trouble” at client sites is vague, and the lack of a clear definition may lead to compliance issues.  Moreover, the increased fees, penalties, and potential civil actions initiated by third-party organizations may lead to additional regulatory and litigation burdens for staffing agencies and clients alike. Finally, the private right of action created by the enactment is sure to prompt class actions by advocacy groups.

These substantial changes call for staffing agencies and their clients to revisit their current policies and practices to ensure compliance with the revised Act before it comes into effect. As the amendments hold significant implications for staffing agencies and client companies alike, early communication and a cooperative approach is recommended to navigate the new requirements effectively.  While further guidance from the Department of Labor is likely to clarify several ambiguities in the Act, in the meantime, staffing agencies and client companies should immediately seek legal counsel to better understand  the changes, assess the specific impact of each category of changes on their businesses, and ensure compliance to minimize exposure to penalties or litigation.

Duane Morris Takeaway: This week’s episode of the Class Action Weekly Wire features Duane Morris partner Jennifer Riley and associate Hari Kumar with their analysis of procedural class action issues and rulings from 2022, and predictions for what 2023 may bring for Corporate America. We hope you enjoy the episode.

By Gerald L. Maatman, Jr. and Jeffrey R. Zohn

Duane Morris Takeaways: On June 9, 2023, Judge Thomas Durkin of the U.S. District Court for the Northern District of Illinois terminated consolidated cases from the late 1970’s and early 1980’s that sought to thwart Defendants’ efforts to continue to funnel pension funds to organized crime. The litigation – entitled U.S. Department of Labor v. Estate of Fitzsimmons et al., Case Nos. 78 C 00342, 78 C 04075 & 82 C 07951, 2023 WL 3916304 (N.D. Ill. Jun. 9, 2023) – is one of the oldest pending cases in the American judicial system.  The first chapter of these cases concluded in 1982 and 1985, respectively, when the Northern District of Illinois entered two separate Consent Decrees that subjected the funds to Court-appointed monitoring.  The final chapter recently concluded – 41 years later – when Judge Durkin dissolved those Consent Decrees over objections from the Department of Labor (“DOL”).  Although the language of the Consent Decrees did not explicitly give the Court the right to dissolve both Consent Decrees in this manner, the Court relied on the broad power granted to it under the Federal Rules of Civil Procedure, which allows it to relieve parties from final judgment if the continued application of the judgment is no longer equitable.

Case Background

More than 40 years ago, the DOL filed suit against Frank Fitzsimmons, Loran Robbins, Allen Dorfman – all of whom have since passed away – and several others alleging that the trustees of the Central States, Southeast and Southwest Areas Pension Fund (the “Pension Fund”) and Health & Welfare Fund (the “Health & Welfare Fund”) had mismanaged assets by providing loans to organized crime.  The U.S. District Court for the Northern District of Illinois entered multiple Consent Decrees, which appointed fiduciaries to manage the assets of those Funds.  The Consent Decrees have been in place since 1982 and 1985, respectively.

The Court noted that since then, not once has the DOL found that the Funds have violated the Consent Decrees or any other applicable laws.  Judge Durkin opined that “[s]uch a record is almost incredible, given that it has been 41 years since the [first] Consent Decree was entered.”  Id. at 4.  In fact, a government investigation revealed that the Funds were actually outperforming comparable funds.  Further, in 2022, the Pension Fund applied for and received $35.8 billion in Special Financial Assistance, as part of the American Rescue Plan Act of 2021.

On April 4, 2023, the Court-appointed Independent Special Counsel (“ISC”) for the Consent Decrees recommended dissolution of the Consent Decrees because they have fully achieved their objectives.  The Funds neither advocated for or opposed dissolution.  The DOL opposed dissolution so that it could monitor the influx of new money.

The Court’s Opinion

Judge Durkin determined that the relevant language in the Pension Fund Consent Decree permitted the Court to dissolve the Consent Decree if the Pension Fund makes such a petition.  The relevant language in the Health & Welfare Fund Consent Decree permitted the Court to dissolve the Consent Decree sua sponte or upon petition from the Health & Welfare Fund.  Here, only the ISC petitioned the Court for dissolution.  The ISC has no authority under the Consent Decrees and only the Health & Welfare Fund Consent Decree permits the Court to act sua sponte.

Although the Funds took no position on the dissolution of the Consent Decrees, the Court held that it still has equitable power to dissolve the Consent Decrees.  In quoting Rule 60(b)(5), the Court explained that it may relieve a party from final judgment if the judgment “has been satisfied, released, or discharged, . . . or applying it prospectively is no longer equitable.”  Id. at 2.  It reasoned that the Court “may modify a decree of injunctive relief if the legal or factual circumstances have changed since the time of issuance.”  Id.  Consent decrees, in particular, are “not intended to operate in perpetuity.”  Id.

In support of its decision to dissolve the Consent Decrees, the Court noted that the circumstances have changed since the issuance of the Consent Decrees.  Their purposes have long since been achieved.  There is no longer a credible threat of the Funds being used as a front for organized crime, which was the original purpose of the Consent Decrees.

The Court recognized the DOL’s desire to continue supervising the Funds in light of the $38.5 billion the Pension Fund recently received, noting that the disposition of billions of dollars in taxpayer money is cause for heightened concern.  However, this new money is unrelated to the purpose of the Consent Decrees.  The DOL and other government agencies still have other avenues to supervise the Funds, such as through the ERISA and the American Rescue Plan Act.

Implications For Employers

The Fitzsimmons ruling is a stark reminder of the potential power of Federal Courts and government.  This ruling illustrates both the staying power of an order entered by a District Court judge decades ago and the power to supersede such an order despite the plain language of the original order indicating otherwise.  Moreover, the fact that the DOL would not agree to relinquish the power the Court granted it over 40 years ago is another reminder of the importance of handling pension funds appropriately.  A finding of mismanagement may enable cumbersome government oversight for an untold period of time.

 

Duane Morris Takeaway: This week’s episode of the Class Action Weekly Wire features Duane Morris partners Jennifer Riley and Alex Karasik with their analysis of privacy class action trends and rulings from 2022, and predictions for what 2023 may bring for Corporate America given key developments in the BIPA class action litigation landscape so far this year. We hope you enjoy the episode.

Episode Transcript

Jennifer Riley: Welcome listeners, thank you for joining us for the latest edition of the Class Action Weekly Wire. We’re here this week to talk about privacy class actions and I’m joined by my colleague Alex Karasik. Alex can you tell our listeners how this area of privacy class actions has evolved over the last few years?

Alex Karasik: Thanks, Jen. Well, the BIPA statute was relatively dormant since it became law in 2008, and since then the number of BIPA class actions has exploded. In addition, if other states start enacting similar statutes regarding biometric privacy we think there will be a similar uptick in class actions for those states throughout the country, so this is definitely an emerging area of law.

Jennifer: The plaintiffs’ class action bar has sought to capitalize in this area on ambiguous statutory provisions, plus slow to develop compliance programs, coupled with stiff statutory penalties and fee shifting, to really leverage some sizable settlements in this area.

Alex: And adding to this minefield, lots of states are considering similar copycat statutes which can make it difficult for employers if you have operations in two different states that have two different laws, plus there’s been some grumblings of a potential federal statute – while none of those have come to fruition yet it’s something that they should definitely pay attention for.

Jennifer: Let’s turn to some of the key rulings in this area both this year and in 2022. Alex, what are some of the key rulings that come to mind?

Alex: In February 2023, the Illinois Supreme Court issued two long-awaited rulings that will undoubtedly shape the BIPA landscape. In Tims, et al. v. Black Horse Carriers, the Illinois Supreme Court held that a five-year statute of limitation applies to the BIPA. The statute itself doesn’t have an express limitations, so some advocates were arguing that a one-year or two-year statute of limitations should apply, but this ruling undoubtedly increases exposure for BIPA cases. In addition the Illinois Supreme Court held in Cothron, et al. v. White Castle that each individual scan is a violation of the BIPA – as opposed to being a per person basis – so once again, if multiple employees are scanning in and out of a factory or office each day, each scan being a violation will again substantially increase potential damages in this space.

Jennifer: Thanks, Alex – what kind of impact do you think these rulings are apt to have on future privacy class action litigation?

Alex: That’s an excellent question, Jen. I think that these rulings are going to increase the plaintiffs’ bar appetite knowing that there’s substantial damages to be had in this space, but at the same time one has to wonder – if it’s a per scan, each violation – plus a five-year statute of limitation – with damages now creeping into the millions and billions of dollars, is it even going to be feasible for plaintiffs to recover on a per scan basis? So that’s something to keep in mind, as I doubt plaintiffs’ counsel will want to litigate these cases in bankruptcy court against businesses. It’ll also be interesting to see the different defenses that an employer or company might offer when defending one of these cases in terms of the constitutionality of such damages, so it remains to be seen how these new goal posts that have been set by the Illinois Supreme Court in February of 2023 will impact both how these cases are tried and resolved, but there’s definitely going to be some big changes on the forefront.

Jennifer: Wow, no wonder this area has really exploded over the past year. Are there any other impactful or interesting rulings that come to mind from 2022-2023?

Alex: Absolutely, Jen. The first BIPA jury trial occurred in 2022 in the fall, and that left a huge impression in this space. In that case, Rogers, et al. v.  BNSF Railway, approximately 45,000 truckers sued a railway company in terms of BIPA violations. There the jury found there were approximately 45,600 discrete violations of the BIPA, and at that point, after entering judgment, the damages were $228 million dollars – that’s a lot of money, and the jury there didn’t sympathize with the employer’s arguments, and awarded the full willful damages available under the statute. So I think that for businesses and employers that are thinking about trying one of these cases in front of a jury pool in Chicago or potentially beyond – there’s a lot of risk there.

Jennifer: Thanks, Alex – that is some serious money awarded by the jury in that case. We’ll be sure to keep our listeners up to date on happenings in that matter. Are there any other important rulings that our listeners should know about?

Alex: Yeah, absolutely Jen, there are some cases that come to mind that are trying new novel approaches to the BIPA statute. First, in Wilks, et al. v. Brainshark, this case involved the facial recognition in recording of presentations. In the traditional BIPA context, especially in the early years when these class actions first started to get filed, it would predominantly involve allegations of thumbprint or fingerprint scanning, but I think you’re starting to see more in the facial recognition space. Jen, were there any rulings from 2022 that you found interesting?

Jennifer: Thanks, Alex – one that comes to mind immediately is a ruling called Kukovec, et al. v. The Estée Lauder Companies, Inc. That was an interesting ruling because it involved try-on technology. The plaintiffs brought suit against The Estée Lauder Companies alleging that their try-on tool collected or captured facial geometry, and that the defendants had failed to get users consent and failed to inform users regarding the collection and the retention of such data. The defendant in that case moved to dismiss on various grounds.

First, the defendant moved to dismiss on the ground that the court lacked personal jurisdiction – this is an interesting argument because the defendant said the tool was available to Illinois consumers, but more as a passive tool that was available and therefore there wasn’t this purposeful availment of the jurisdiction. The court disagreed and said that the try-on tool was part of the defendant’s marketing and sales strategy, and that the consumers actually had the option to use buttons, to add products to the cart, to send products as gifts through the website, so it was sufficient for personal jurisdiction – and the court noted that the defendant’s argument took an overly narrow view.

Secondly, the defendant argued that venue was improper because there was an arbitration agreement. This is interesting as well because the defendant claimed that the arbitration agreement was part of the terms of use for its web page, but the court disagreed and said that the plaintiff lacked constructive knowledge or there was a lack of evidence that the plaintiff had constructive knowledge of the arbitration agreement, and therefore a lack of evidence the plaintiff accepted those terms.

Third, the defendant sought to dismiss the complaint on the grounds that the plaintiff had alleged only conclusory statements and had failed to allege facts and support of allegations that biometric information was actually collected. The court disagreed and found the pleading sufficient to meet the pleading standards, and that the plaintiff had alleged enough to infer that the defendant had captured biometric information. However, the court ruled that since recklessness and intentionality requires a specific state of mind, that the plaintiff had failed to allege facts in support of those claims, and the court ran a dismissal of those.

Finally, the defendant contended that because the plaintiff had not used the websites of four other brands that also utilize the virtual try-on tool, that the plaintiff lacks standing to represent a class of consumers as to those websites. The court said that argument was premature because the plaintiff had not actually moved to certify a class yet. So that is an interesting ruling, and I think as the popularity of try on tools and technologies continues to grow, we’re going to see more lawsuits attacking similar products and similar technologies fueling or helping to fuel that growth in the biometric data privacy front.

Alex: Wow, that’s a great example Jen, and I can imagine that in the Renaissance Era of e-commerce, virtual try-on tools become more and more popular as people seek to purchase goods and retail products online and we’re going to see a lot more of those from the plaintiffs’ bar in the near future.

Jennifer: How about top settlements, Alex, was the plaintiffs’ bar able to capture big dollars for plaintiffs in privacy class actions over the past year?

Alex: Oh yeah – there’s been a lot of big money dollars in BIPA settlements! There’s a Google settlement for $100 million and a TikTok settlement for $92 million that lead the way, and in fact over the whole tenure of the BIPA statute there’s been over a billion dollars recovered under this law, so it’s absolutely worth a lot of money to employers and businesses – and I think these eye-popping numbers alone should be reason to convince companies of the potential financial risk of not complying with the BIPA.

Jennifer: Thanks, Alex. I think one of our key takeaways here is that it’s very important for companies and corporate counsel to implement policies and procedures that fully comply with the BIPA and other state and federal privacy regulations and statutes. Companies should implement proper safeguards, they should implement consent processes for the collection and retention of biometric data – particularly with respect to Illinois consumers – and in other states either with or considering similar legislation. Companies should also take heed of how they notify users and obtain their consent before collection of biometric information.

Alex: Thank you Jen for your time today, and thank you to our listeners for paying attention to our BIPA and privacy presentation. This is obviously a rapidly emerging area of law that absolutely will continue to evolve day by day in the near future.

Jennifer: Thank you Alex, thank you for joining us and thank you to our listeners for viewing another episode of the Class Action Weekly Wire – we’ll see you next week.

Alex: See you soon!