A lawsuit against US Cold Storage under the Biometric Information Privacy Act was recently dismissed because, the court held, the violations of the law were merely technical. As a result, the plaintiff did not have sufficient standing. This decision echoes the other cases we have reported on recently.
Here, the plaintiff alleges that his former employer collected and stored his fingerprints without his consent. (BIPA requires written notice and consent to collect and use biometric information.) The court concluded that the lack of consent alone did not amount to an injury. In reaching its decision, the court pointed out that the plaintiff knew his fingerprints had been collected. He also knew that his fingerprints were used to track his working hours.
In reaching its decision, the court mirrored other courts that have concluded there has been no injury. In particular, when the person knows their biometric information was collected. Also, when the information hasn’t been shared with any third parties.
Putting it Into Practice: While BIPA cases are getting dismissed, companies should nevertheless check their fingerprint practices and ensure that they are comfortable with their notice and choice process.