Microsoft Unlawfully Stored Illinois Workers’ Fingerprints on Azure Databases, Class Action Alleges
by Erin Shaak
Jones v. Microsoft Corporation
Filed: May 26, 2022 ◆§ 2022CH05145
A lawsuit looks to hold Microsoft responsible for the allegedly unlawful storage of Illinois residents’ biometric information on the Azure platform.
A proposed class action looks to hold Microsoft responsible for the allegedly unlawful collection of Illinois residents’ biometric information by employers who use timekeeping software supported by the tech giant’s Azure cloud storage platform.
The 17-page case states that biometric timekeeping services, through which employees scan their fingerprints or other unique identifiers to clock in and out for work, are among the customers who use Microsoft’s Azure cloud storage platform to store and access data. Because Microsoft maintains biometric information, including fingerprints, in its data centers, such as the one located in Northlake, Illinois, the tech giant is subject to the state’s Biometric Information Privacy Act (BIPA), the lawsuit says.
Per the suit, Microsoft has nevertheless unlawfully stored and profited from Illinois residents’ fingerprint data without satisfying the BIPA’s consent and disclosure requirements.
The lawsuit claims that one biometric timekeeping provider who uses the Azure cloud database is Paychex, Inc. According to the case, Paychex’s entire suite of apps is supported by Azure’s cloud-computing service and stored in Microsoft’s data centers. The lawsuit relays that Paychex has collected and stored the biometrics of roughly 80,000 employees in Illinois through Microsoft’s Azure technology.
According to the case, Microsoft has nevertheless failed to obtain Illinois residents’ written consent before collecting their biometric information, as required by the BIPA. Moreover, the tech giant has further violated the state privacy law by failing to develop a publicly available retention schedule and guidelines for the permanent destruction of consumers’ biometric data, the lawsuit says.
Finally, the case claims that Microsoft has unlawfully profited from Illinois residents’ biometrics in that it was paid by clients for their access to and use of the Azure cloud computing services.
The plaintiff in the suit says she was required to scan her fingerprint for timekeeping purposes while working for Chicago Marriott Suites from October 2015 to roughly six years later. Per the complaint, the plaintiff’s employer used Paychex as its biometric timekeeping service provider. Although the plaintiff’s fingerprint data was stored on Microsoft’s Azure database, the defendant never obtained consent to collect her sensitive information and failed to meet the BIPA’s other requirements pertaining to the use of residents’ biometric data, the lawsuit claims.
The suit looks to cover anyone whose biometrics were captured, collected, stored, used, transmitted or disseminated by an employer using timekeeping software hosted on Microsoft’s Azure service within Illinois at any time within the applicable statute of limitations period.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Camp Lejeune residents now have the opportunity to claim compensation for harm suffered from contaminated water.
Read more here: Camp Lejeune Lawsuit Claims
Sign Up For
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.