Compass Group USA, Inc. faces a proposed class action lawsuit that claims the food services company illegally collected Illinois customers’ thumbprints from vending machines without adhering to state biometric privacy law.
Filed in Cook County Circuit Court, the lawsuit explains that the Illinois Biometric Information Privacy Act (BIPA) makes it illegal for a company to collect, capture, buy or otherwise obtain an individual’s biometric identifiers, such as fingerprints or facial scans, without first providing certain disclosures. In order to legally obtain an individual’s biometric data, an organization must first:
Inform the subject in writing that biometric information is being collected or stored;
Inform the subject in writing of the specific length of time and purpose for which their biometrics will be stored, collected and used; and
Receive a written release executed by the individual allowing their biometric data to be captured, collected and stored.
The lawsuit adds that the statute also requires companies to provide a publicly available retention schedule and guidelines outlining the permanent destruction of biometric data.
According to the complaint, the lead plaintiff’s fingerprint was scanned and subsequently stored in Compass Group’s database when she made a purchase from one of the company’s vending machines. The woman claims that in collecting her thumbprint, Compass Group USA failed to execute any of the BIPA’s directives, including informing her that her biometric data would be collected and stored.
The lawsuit looks to represent anyone who had a fingerprint or thumbprint scanned at one of the defendant’s biometric vending machines in Illinois during the applicable statutory period.