Skip to content

Holding Companies Accountable for Biometric Data Misuse

March 3, 2023

BIPA violation class action lawsuit

Have you ever been shopping online where you had the option of virtually trying the products? Whether it be clothing or household items, many ecommerce stores are offering this new technology for their potential customers.

But this often comes with a series of security issues and concerns, as the biometric data in these features can have far-reaching consequences. Companies might be collecting your biometric data without consent or notification, thus opening them up to be liable in terms of the Biometric Information Privacy Act (BIPA).

In this blog post we will explore the issue of BIPA virtual try-on class action lawsuits, as well as discuss how it is possible for consumers to hold companies accountable for biometric data misuse.

About BIPA and virtual try on

Before going any further, it is important to understand a few things about the BIPA. To start with, this is an Illinois state law that regulates the collection, use, storage, and disposal of biometric data, and which was put into practice in order to protect individuals in the state and beyond.

The BIPA was introduced due to the rapidly growing use of biometric technology in businesses and institutions. This has raised concerns about the potential misuse and abuse of this sensitive information.

As defined in the BIPA, biometric data includes any information that is based on an individual’s unique physical characteristics, such as fingerprints, facial recognition, and voiceprints. Thus for companies offering consumers a virtual try on feature, this could very well fall into the territory of BIPA.

BIPA thus requires companies and organizations to obtain informed consent from individuals before collecting or using their data, as well as require them to take appropriate measures to protect the sensitive information from unauthorized access or disclosure.

A recent example

The Estée Lauder Companies have come under scrutiny as recently as 2022, due to their virtual try on features on their website. Here they made it possible for customers to upload a photo of their face, or turn on their webcam to capture an image to be used for the virtual try on feature.

The lawsuit specifically stated that the company had failed to inform the plaintiff that the information would be collected and stored, and also failed obtaining written consent. Upon inspecting the website in question, the court found notices on the website, but judged them to be too inconspicuous, and thus the court upheld most of these claims, permitting the plaintiff to proceed.

The challenges of enforcing BIPA

While the BIPA law provides strong protections for individuals’ biometric data, enforcing the law can be challenging. Some companies may be unaware of the law, or may not take it seriously to begin with.

But furthermore, the law only applies to companies that collect biometric data in Illinois, which can make it difficult for individuals outside of the state to seek legal recourse. And while we saw a non-Illinois resident having success with her claim in the above example, that is not always the case.

Thus in order to protect the rights of the individual going forward, further legislation on a national level might be required in order to fully encompass all the potential issues with biometric data ending up in the wrong hands.

If you suspect you might have disclosed certain biometric data without being properly notified, you might be able to get compensation. Contact our professional legal team today and learn more about your options

Latest Posts