A proposed class action lawsuit claims that Casino Queen, Inc. failed to follow Illinois’ Biometric Information Privacy Act (BIPA) regulations before collecting and storing scans of customers’ faces.
The East St. Louis casino, the case alleges, used surveillance cameras equipped with facial recognition technology to scan and collect the facial geometry of patrons who visited the riverfront gaming operation. These scans were then stored in a database and used to identify customers on subsequent visits to the casino, the lawsuit explains.
According to the complaint, the BIPA was enacted in 2008 to protect Illinois residents’ sensitive biometric information, including identifiers such as retina or iris scans, fingerprints, voiceprints and scans of hand or face geometry. Citing the statute, the lawsuit notes that such information is unique to each individual and worthy of special protection due to its relative permanence:
“Biometrics are unlike other unique identifiers that are used to access finances or other sensitive information…For example, social security numbers, when compromised, can be changed. Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, is at heightened risk for identity theft, and is likely to withdraw from biometric-facilitated transactions.”
The case states that under the BIPA, companies such as the defendant are forbidden from collecting or storing individuals’ biometric identifiers unless the following conditions are met:
The individuals are notified in writing that their biometric identifiers will be collected and stored;
The individuals are notified in writing of the specific length of time and purpose for which their information will be used;
The company receives written releases from consumers authorizing the collection of their biometric information; and
The company publishes widely available retention schedules and guidelines outlining how the biometric information will be destroyed.
According to the case, the defendant ran afoul of these requirements by failing to notify patrons that their biometric information was being collected, or the purpose and length of time for which it would be stored. Furthermore, the complaint claims that the defendant never received written releases authorizing the collection of customers’ biometric identifiers and failed to publicly specify how the information would be destroyed.
The lawsuit seeks up to $5,000 per violation for individuals whose facial geometry was obtained by Casino Queen within the last five years.