Many sports fans head to the game wishing to have their faces shown on the big screen hanging from the rafters. But a new lawsuit alleges one professional sports team went a step too far in capturing just what spectators look like.
The National Hockey League’s Chicago Blackhawks have been hit with a proposed class action claiming the team utilizes facial recognition technology at its home games in violation of Illinois biometric privacy law.
The lawsuit, filed in Cook County, Illinois, claims the team scans the facial geometries of attendees and then compares those scans to files stored in an internal database. As everyone’s facial shape is considered a unique and personal identifier, the lawsuit alleges the Blackhawks ran afoul of the Illinois Biometric Information Privacy Act (BIPA), which sets stringent disclosure rules for the collection, storage, use, sharing and destruction of a consumer’s fingerprints, facial scans and any other biometric identifier.
Real privacy concerns
The Illinois resident who filed the suit says he attended a Blackhawks game at Chicago’s United Center on December 18, 2018. According to the case, the team used its facial recognition technology to scan the plaintiff’s facial geometry from security camera footage and stored the man’s facial template in a database. Arguing that the Blackhawks “failed to take notice and follow the requirements” of the Illinois BIPA after its passage in 2008, the case says the plaintiff and others whose facial templates have been scanned by the team are at a heightened risk of identity theft and other cybercrimes.
At no point did the team inform the plaintiff in writing that his facial scan would be collected, the lawsuit claims, adding that the man was similarly not told of the purpose and length of time for which his biometric information would be stored. Moreover, the Blackhawks are alleged in the suit to have failed to establish a publicly available written policy outlining a retention schedule and guidelines for the permanent destruction of the plaintiff and other fans’ facial geometries in violation of the Illinois BIPA.
Briefing: The Illinois BIPA
Given that identifiers such as fingerprints and facial scans cannot be changed like passwords should they become compromised, the Illinois BIPA was rolled out nearly a dozen years ago as a first-of-its-kind law meant to protect citizens’ biometric information. In addition to facial scans, the law covers the collection, use, storage and destruction of fingerprints, retinal or iris scans, and voiceprints. The BIPA prohibits private entities from obtaining citizens’ biometric information without first:
Stating in writing that the individual’s information will be collected or stored;
Stating in writing the purpose and length of time for which the individual’s biometric data will be collected, stored and used;
Receiving written consent from the citizen allowing for the collection and storage of their biometric information; and
Publishing a publicly available retention schedule detailing how and when the citizen’s biometric information will be permanently destroyed.
Beyond these protections, the BIPA allows for Illinois residents to bring litigation against any entity that does not adhere to the law, permitting the collection of $5,000 in damages should a company be found to have violated the law intentionally or recklessly.
Who does the lawsuit look to cover?
The case looks to cover those who had their facial geometry scans collected or possessed by the Chicago Blackhawks in Illinois between October 15, 2014 and the present. According to the suit, the exact number of proposed class members can be deduced from the Blackhawk’s attendance records.
What if I don’t live in Illinois?
For now, Illinois, along with Texas and Washington, happens to have the strongest biometric privacy protections. As we’ve previously covered, however, lawmakers in a number of other states have proposed new laws aiming to protect citizens’ biometric privacy, while others have amended existing ones. At any rate, the Illinois law was considered by many to have passed an important test when Facebook in January agreed to pay $550 million to settle a class action over alleged BIPA violations.
As it exists now, the wave of BIPA lawsuits, filed almost exclusively in state court, has concerned only the alleged conduct of companies that do business in Illinois. It could very well be the case in the future, though, that ClassAction.org begins to see lawsuits filed in more and more states over alleged biometric privacy abuses. So, keep your eye out in the future as the push for biometric privacy rolls on.
The lawsuit can be read below.
Want class action news sent to your inbox? Sign up for ClassAction.org’s newsletter here.