Photo Credit: Shutterstock
A federal judge has ruled that a class-action lawsuit accusing Target of unlawfully collecting customers’ biometric data will proceed. The lawsuit, filed in May 2023 in the Northern District of Illinois, alleges that the retailer violated Illinois’ Biometric Information Privacy Act (BIPA) by collecting and storing consumers’ biometric information, including facial geometry scans, without obtaining the necessary written consent or informing customers as required by the law.
The case is brought by four Illinois women who claim to represent the interests of all Illinois residents impacted by Target’s practices. According to the plaintiffs, Target uses facial recognition software and surveillance cameras in its stores for loss prevention purposes. They contend that neither they nor other consumers were made aware of how their biometric data, including facial images, was being used or retained, which they argue is a violation of BIPA’s informed consent and data retention requirements.
In its motion to dismiss, Target argued that the plaintiffs’ claims were based primarily on third-party reports rather than their own direct knowledge, including a 2018 news story about Target’s National Investigation Center in Minneapolis. Target further contended that the lawsuit lacked factual support because the plaintiffs did not have first-hand information about the collection or use of their biometric data. However, the court found that the plaintiffs’ allegations presented a credible case that Target violated BIPA and denied the motion to dismiss.
Judge Jeremy Daniel, in his ruling, emphasized that the plaintiffs provided a “legitimate reason” to believe their biometric data had been improperly collected and stored. He concluded that the allegations were sufficient to move the case forward, stating that the complaint was not lacking in substance. “This is not a case where the complaint ‘offers no basis for the allegation that (the defendant) disclosed (the plaintiff’s) biometric data’,” Judge Daniel wrote. “Rather, it is one where the plaintiffs supply a legitimate reason why they believe Target violated BIPA, which is sufficient to survive the motion to dismiss.”
The plaintiffs’ claims rest on the assertion that Target’s use of biometric data for facial recognition in its stores is unlawful under Illinois’ BIPA, which requires businesses to obtain informed consent from individuals before collecting, using, or storing their biometric data, and to disclose how long such data will be retained.
As of the judge’s ruling, Target is required to respond to the complaint by December 13, 2023. This case follows a similar lawsuit filed earlier in the year in Cook County Circuit Court, which was voluntarily dismissed by the plaintiffs in May.
For legal professionals, this case underscores the growing importance of biometric privacy laws like BIPA and the potential consequences for companies that fail to fully comply with these regulations. It also highlights the challenges that businesses may face in defending against class-action claims regarding data privacy, particularly when the plaintiffs can provide sufficient allegations of unlawful data collection practices.
