Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Court addresses alternative theories of liability in BIPA class action

Privacy/Cyber Risk & Data Security Courts BIPA Class Action State Issues

Privacy, Cyber Risk & Data Security

On January 28, the U.S. District Court for the Northern District of Illinois denied a motion to reconsider and a motion to certify questions for appeal and stay proceedings pending appeal in a matter concerning class claims that an auto leasing company and its parent company (collectively, “defendants”) violated the Illinois Biometric Information Privacy Act (BIPA) by unlawfully collecting biometric fingerprint data without first receiving informed consent. The court previously denied the defendants’ motion to dismiss after concluding the plaintiff stated a BIPA claim against both defendants. However, the auto leasing company argued, among other things, that the parent company should not be held liable because it was never the plaintiff’s employer, did not control her work environment, and had nothing to do with the fingerprint timekeeping system. The court disagreed, finding that under BIPA, the plaintiff’s allegations of the parent company were not “legal conclusions,” and “control over employee timekeeping and privacy [] describes a relevant factual aspect of her personal experience working for defendants.” According to the court, “[t]his factual allegation raises the reasonable inference that [the parent company] administered the alleged fingerprint-scanning system, and in turn, plausibly suggests that [the parent company] collected, retained, and disseminated her fingerprints.” The parent company will have the opportunity to address alternative theories of liability while seeking summary judgment against the plaintiff or at trial, the court wrote.