A class action claims Universal Parks & Resorts Management violated Illinois biometric data law by collecting parkgoers' fingerprints without obtaining consent to do so and providing certain information.
Universal Parks & Resorts finds itself facing a proposed class action in Cook County circuit court over alleged violations of the Illinois Biometric Information Privacy Act (BIPA).
The plaintiff alleges that the entity behind the world-renowned Universal Orlando theme park “knowingly handles” the biometric data—fingerprints—of Illinois consumers to “control and track their access” to the park without first securing their informed written consent to do so and adhering to state regulations. According to the Illinois BIPA, a private entity may not obtain and/or possess an individual’s biometric data without first:
- Informing the individual in writing that biometric identifiers/information will be collected or stored;
- Informing the individual whose biometrics will be collected in writing of “the specific purpose and length of the term for which” biometric data is being collected, stored and used;
- Obtaining a written release from the individual whose biometrics are to be collected allowing for the capture and collection of biometric identifiers; and
- Publishing a publicly available retention schedule for permanently destroying biometric information.
At the time the plaintiff purchased his ticket, the defendant failed to inform him of the nature of its biometric collection practices, the suit says, as well as that he would be required to provide such as a condition of entry into Universal Orlando. The plaintiff alleges that it was only when he arrived at Universal Orlando and received a non-refundable, non-transferrable admission ticket that he was first informed his entry to the park was subject to a biometric scan.