Eataly Chicago Hit with Biometric Privacy Suit Over Employee Fingerprint Scans [UPDATE]
by Erin Shaak
Last Updated on March 19, 2021
Torres v. Eataly Chicago, LLC
Filed: October 22, 2020 ◆§ 2020CH06417
A lawsuit claims Eataly Chicago has overstepped an Illinois privacy law by collecting employees’ fingerprints without first providing proper disclosures.
Illinois
Case Updates
March 15, 2021 – New Lawsuit Filed
Eataly Chicago has been hit with another lawsuit over its apparent practice of requiring workers to scan their fingerprints to access registers.
Per the lawsuit out of Illinois state court, the defendant overstepped the Illinois Biometric Information Privacy Act by collecting employees’ biometric information without obtaining their informed written consent or providing data retention and destruction policies.
The plaintiff, who worked for Eataly since its biometric register system was implemented in July 2016 and until she left in March 2020, says that if the defendant’s fingerprint database “were to fall into the wrong hands,” employees would be at risk of having their identities stolen, among “other serious issues.”
The lawsuit looks to cover anyone whose fingerprints were collected, captured, received or otherwise obtained or stored by the defendant in Illinois.
A proposed class action claims the operator of Eataly Chicago has overstepped an Illinois privacy law by collecting employees’ fingerprints without first providing proper disclosures.
Filed in Cook County Circuit Court, the lawsuit alleges employees of the downtown Chicago Italian marketplace are required as a condition of employment to have their fingerprints scanned into a biometric timekeeping system and point of sale system in order to track work hours and verify their identities when operating cash registers.
The suit alleges, however, that defendant Eataly Chicago, LLC has exposed workers to “serious and irreversible privacy risks” by collecting, storing and disseminating their biometric identifiers—i.e., fingerprints—without meeting the disclosure requirements of the Illinois Biometric Information Privacy Act (BIPA).
Per the complaint, the defendant has run afoul of the BIPA by failing to:
- Properly inform workers in writing of the specific purpose and length of time for which their biometric information was being collected, stored and used;
- Obtain a written release from workers to collect, store, disseminate or otherwise use their fingerprints;
- Obtain consent from workers to disclose, redisclose, or otherwise disseminate their biometric data to a third party; and
- Develop and adhere to a publicly available retention schedule and guidelines for permanently destroying workers’ fingerprint data.
The plaintiff, who worked in several positions for Eataly Chicago between April 2017 and April 2019, says she and similarly situated workers were required to scan their fingerprints each time they clocked in and out for their shifts. Moreover, employees who worked at the cash registers or POS systems had to scan their fingerprints as a means of authentication in order to access the system or override transactions, the suit relays.
Per the complaint, Eataly Chicago shares workers’ fingerprint data with at least one third-party biometric timekeeping and authentication vendor and “likely others.”
The lawsuit argues that the defendant’s failure to adhere to the BIPA’s data collection requirements “raise[s] a material risk” that the workers’ biometric data will be unlawfully accessed by third parties if, say, the defendant or its third-party vendors merge with another company or declare bankruptcy.
The plaintiff contends that “no amount of time or money” can compensate her should her biometric information be compromised due to Eataly Chicago’s “lax” data collection procedures. Per the complaint, the plaintiff would have never provided her fingerprints to the defendant had she known the company would “retain such information for an indefinite period of time without her consent.”
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Before commenting, please review our comment policy.