Plaintiffs Johnny Flores, Ariel Gomez, and Derrick Lewis filed a class action complaint against Motorola and Vigilant Solutions for violating Illinois Biometric Information Privacy Act (BIPA). The complaint was filed in the Illinois Northern District Court. Plaintiffs are represented by Loevy & Loevy.
“Once a picture of a person’s face is scanned and those biometric measurements are captured, computers can store that information and use it to identify that individual any other time that person’s face appears on the internet, in a scanned picture, and potentially in any of the billions of cameras that are constantly monitoring our daily lives.” Illinois has found that “[b]iometrics are unlike other unique identifiers that are used to access finances or other sensitive information. For example, social security numbers, when compromised, can be changed. Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, is at heightened risk for identity theft, and is likely to withdraw from biometric-facilitated transactions.”
BIPA prevents companies and other entities from “collecting, capturing, obtaining, disclosing, redisclosing, disseminating or profiting from the biometric identifiers or information of an individual without providing written notice and without obtain[ing] a written release from the impacted individual or his authorized representative. BIPA also requires private entities in possession of biometric identifiers to adopt retention and destruction policies and to take measures to prevent the release of that information.”
Motorola and Vigilant allegedly “collected, captured, obtained, disclosed, redisclosed, disseminated and profited” from facial scans of Illinois citizens. They created a “‘gallery’ of over 18 million booking photos or ‘mugshots’ which is expanding all the time.” These images include those who are innocent, who have an expunged record, as well as those who were found guilty. For example, Plaintiff Derrick Lewis “was incarcerated…including on charges of which he was innocent and convictions which have been vacated on the basis of innocence and expunged. Those entities made his and all detainees’ booking photograph(s) searchable on their website.” His biometrics were used without his permission as a result of his arrest. Law enforcement can now search for his pictures, despite his innocence.
Motorola and Vigilant stored the biometric scans in a database, without publicly available information about the policies for the database, which is required in BIPA. Defendants also did not inform individuals that their biometrics were being collected and for what purpose, nor did they obtain consent. These items are required by BIPA.
These companies have also profited from individuals’ biometrics. The database is used as a “facial search engine” by various law enforcement agencies for a fee. The database is used in “other facial recognition products thereby allowing the identification and tracking in real time and near-real time of millions of people…wherever they may go.” Further, “[t]o be included in Defendants’ Biometric Database, a person merely had to have been arrested. To Defendants, it did not and does not matter whether that arrest resulted in a conviction or had been made in error or whether the booking photo has been expunged.” When a user uploaded a “probe image” to the database, the app’s algorithm creates a facial map for the probe and compares it to the other images in the database.
Plaintiffs have sought an award for damages including statutory and punitive damages, an order requiring the biometrics to be deleted, an award for equitable, injunctive and declaratory relief, a fund to divest the unjust enrichment, and other forms of relief.