A proposed class action claims the operator of Eataly Chicago has overstepped an Illinois privacy law by collecting employees’ fingerprints without first providing proper disclosures.
Filed in Cook County Circuit Court, the lawsuit alleges employees of the downtown Chicago Italian marketplace are required as a condition of employment to have their fingerprints scanned into a biometric timekeeping system and point of sale system in order to track work hours and verify their identities when operating cash registers.
The suit alleges, however, that defendant Eataly Chicago, LLC has exposed workers to “serious and irreversible privacy risks” by collecting, storing and disseminating their biometric identifiers—i.e., fingerprints—without meeting the disclosure requirements of the Illinois Biometric Information Privacy Act (BIPA).
Per the complaint, the defendant has run afoul of the BIPA by failing to:
Properly inform workers in writing of the specific purpose and length of time for which their biometric information was being collected, stored and used;
Obtain a written release from workers to collect, store, disseminate or otherwise use their fingerprints;
Obtain consent from workers to disclose, redisclose, or otherwise disseminate their biometric data to a third party; and
Develop and adhere to a publicly available retention schedule and guidelines for permanently destroying workers’ fingerprint data.
The plaintiff, who worked in several positions for Eataly Chicago between April 2017 and April 2019, says she and similarly situated workers were required to scan their fingerprints each time they clocked in and out for their shifts. Moreover, employees who worked at the cash registers or POS systems had to scan their fingerprints as a means of authentication in order to access the system or override transactions, the suit relays.
Per the complaint, Eataly Chicago shares workers’ fingerprint data with at least one third-party biometric timekeeping and authentication vendor and “likely others.”
The lawsuit argues that the defendant’s failure to adhere to the BIPA’s data collection requirements “raise[s] a material risk” that the workers’ biometric data will be unlawfully accessed by third parties if, say, the defendant or its third-party vendors merge with another company or declare bankruptcy.
The plaintiff contends that “no amount of time or money” can compensate her should her biometric information be compromised due to Eataly Chicago’s “lax” data collection procedures. Per the complaint, the plaintiff would have never provided her fingerprints to the defendant had she known the company would “retain such information for an indefinite period of time without her consent.”
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.