chevron-down Created with Sketch Beta.

Business Law Today

February 2022

February 2022 in Brief: Internet Law & Cyber-Security

Juliet Marie Moringiello and Sara Beth Kohut

February 2022 in Brief: Internet Law & Cyber-Security
spainter_vfx - stock.adobe.com

Jump to:

Fourth Circuit Upholds Warrantless Search of Cell Phone Data, Citing Exigent Circumstances

By Chey Goodman, Drexel University’s Thomas R. Kline School of Law

In United States v. Hobbs, 24 F.4th 965 (4th Cir. 2022), the Fourth Circuit affirmed denial of a defendant’s motion to suppress evidence obtained through a warrantless search of his cell phone location data and call logs.

On February 3, 2018, the defendant broke into his ex-girlfriend’s home to remove a television. While there, he brandished a handgun and threatened to “kill [her], her daughter, and other family members, and stated that if she contacted the police, he would also kill any responding officers.” Id. at 2. When speaking to a detective about the incident, the ex-girlfriend warned that the defendant was “obsessed” with firearms. Upon this, police used an exigent form to obtain “pings” of defendant’s cell phone location and call logs, which they then used to apprehend him in a traffic stop a few hours later. Defendant fled in his car, eventually crashing into a parked vehicle where he was arrested, and a loaded handgun was recovered from the scene. He was charged and convicted of being a felon in possession of a firearm under 18 U.S.C. § 922(g).

The defendant moved to suppress evidence of the firearm because police use of his cell phone data was not justified under the exigent circumstances exception to the warrant requirement. The district court was not persuaded, holding that the officer’s conclusion that justifying exigent circumstances existed was reasonable based on the information provided by the ex-girlfriend. On appeal, the defendant further asserted (1) that he posed no danger to anyone after he obtained the television he was initially seeking; and (2) the lower court erred in failing to instruct the jury of the requirement that defendant knew he was a felon at the time of the offense.

The Court of Appeals found that exigent circumstances justified the search because, inter alia, (1) the defendant—who had a violent criminal history including two felony convictions—had threatened imminent harm to multiple people, including any law enforcement officer who may try to apprehend him; and (2) the phone company in question had a reputation for being slow to respond to warrants, but quick to respond to exigent circumstances requests. Additionally—though conceding that the lower court plainly erred in its jury instruction—the Court of Appeals declined to vacate defendant’s conviction because he did not meet his burden of showing that the error affected his substantial rights such that, but for the error, there was a reasonable probability the outcome of the proceeding would have been different. Accordingly, the Court of Appeals affirmed in full.

Biometric Information Privacy Act – Critical Interactions with Workers’ Compensation Act

By Alan S. Wernick, Esq., Aronberg Goldgehn

February 2022 saw several court decisions concerning the Illinois Biometric Information Privacy Act (“BIPA”) (740 ILCS 14/1 et seq.). One state court decision looks at the exclusivity provisions of the Illinois Workers’ Compensation Act in light of BIPA. This article provides a brief review of this case and concludes with some thoughts for business leaders regarding their BIPA compliance and potential liabilities.

BIPA and Workers’ Compensation

In a February 3, 2022, decision, the Illinois Supreme Court held that the exclusivity provisions of the Illinois Workers’ Compensation Act (“Compensation Act”) (820 ILCS 305/1 et seq.) do not bar a claim for statutory damages under the Biometric Information Privacy Act (“BIPA”) where an employer is alleged to have violated an employee’s statutory privacy rights under BIPA.

The plaintiff (employee) in McDonald v. Symphony Bronzeville Park, LLCet al., 2022 WL 318649 (Illinois Supreme Court, 20220203) was seeking damages under BIPA and attempting to form a class. The defendants (the employer) filed a motion to dismiss the plaintiff’s class action complaint, asserting, inter alia, that plaintiff and the putative class’s alleged claims were barred by the exclusive remedy provisions of the Compensation Act. Defendant argued that the Compensation Act is the exclusive remedy for accidental injuries transpiring in the workplace and that an employee has no common-law or statutory right to recover civil damages from an employer for injuries incurred in the course of her employment.

In its analysis the Illinois Supreme Court stated, “The personal and societal injuries caused by violating the Privacy Act’s prophylactic requirements are different in nature and scope from the physical and psychological work injuries … compensable under the Compensation Act. The Privacy Act involves prophylactic measures to prevent compromise of an individual’s biometrics. Rosenbach, 2019 IL 123186, ¶ 36 [432 Ill.Dec. 654, 129 N.E.3d 1197]. McDonald’s [plaintiff] claim seeks redress for the lost opportunity ‘to say no by withholding consent.’ Id. ¶ 34. McDonald alleges that Bronzeville [employer] has violated her and the class’s right to maintain their biometric privacy. See id.” (For a more detailed discussion, see “Biometric Information – Permanent Personally Identifiable Information Risk” at http://bit.ly/BIP-PII-RISK-ABA-BUS-CORP-LIT20190702.)

The Illinois Supreme Court distinguished the different purposes of the Compensation Act and BIPA and commented on the legislative intent (at 2022 IL 126511, ¶ 48):

We are cognizant of the substantial consequences the legislature intended as a result of Privacy Act violations. Pursuant to the Privacy Act, the General Assembly has adopted a strategy to limit the risks posed by the growing use of biometrics by businesses and the difficulty in providing meaningful recourse once a person’s biometric identifiers or biometric information has been compromised. Rosenbach [supra], 2019 IL 123186, ¶ 35; … “It is clear that the legislature intended for this provision to have substantial force.” [Rosenbach supra at 2019 IL 123186], ¶ 37.

Conclusion

The bottom line is that employers using, or planning to use, biometric devices (timeclocks, facial recognition, etc.) in the workplace need to be aware of the biometric privacy legislation applicable to the jurisdictions where they do business and where their employees (and others interacting with those devices) reside. In particular, employers subject to a Workers’ Compensation Act need to understand their compliance responsibilities when using biometric devices and the relationship to their employee’s rights, and the business’s potentially significant liabilities under BIPA-type legislation.

Biometric Information Privacy Act – Critical Interactions with Collective Bargaining Agreements

By Alan S. Wernick, Esq., Aronberg Goldgehn

February 2022 saw several court decisions concerning the Illinois Biometric Information Privacy Act (“BIPA”) (740 ILCS 14/1 et seq.). One state court decision examines Section 301 of the Labor Management Relations Act (29 U.S.C. §185) and how BIPA reflects on collective bargaining agreements. This article provides a brief review of this case and concludes with some thoughts for business leaders regarding BIPA compliance and potential liabilities.

BIPA and Collective Bargaining Agreements

In a February 22, 2022, decision, the Appellate Court of Illinois, First District, held that plaintiff (union employee) and his fellow unionized employees are not prohibited from pursuing redress for a violation of their right under BIPA to biometric privacy—they are simply required to pursue those rights first through the grievance procedures in their collective bargaining agreement rather than in state court. In essence, the Illinois Appellate Court determined that a union member-employee (plaintiff) “cannot bypass his union, his sole and exclusive bargaining agent,” to demand that the employer “deal with him directly” on the issue of biometric privacy.

The plaintiff in William Walton, Individually and on Behalf of Others Similarly Situated, v. Roosevelt University, 2022 WL 522760 (Appellate Court of Illinois, 1st District, 2nd Division, 20220222) alleged claims under BIPA. The defendant argued that the claims asserted by the plaintiff are preempted and moved to dismiss the complaint. The circuit court denied the motion to dismiss but certified the relevant question (“Does Section 301 of the Labor Management Relations Act (29 U.S.C. § 185) preempt [Privacy Act] claims (740 ILCS 14/1) asserted by bargaining unit employees covered by a collective bargaining agreement?”) for interlocutory review.

The Illinois Court of Appeals noted that while the Walton appeal was pending, the U.S. Court of Appeals for the Seventh Circuit directly addressed the question in this appeal. In Fernandez v. Kerry, Inc., 14 F.4th 644, 646-47 (7th Cir. 2021), the U.S. court of appeals found that unionized employees’ claims that their employer violated BIPA were preempted by the Labor Management Relations Act (29 U.S.C. § 185). Walton (plaintiff) conceded at oral argument that the relevant factual and legal circumstances of this case were indistinguishable from Fernandez, so, as noted by the Court, the Court’s real objective in this appeal was to determine whether the court of appeals’ ruling on a matter of federal law was wrongly decided in such a way that the Court would deem it to be without logic and reason. (For a more detailed discussion, see “Biometric Information Privacy Act and Collective Bargaining Agreements.”)

In answering the certified question, the Illinois Court of Appeals held:

Walton and his fellow unionized employees are not prohibited from pursuing redress for a violation of their right to biometric privacy—they are simply required to pursue those rights through the grievance procedures in their collective bargaining agreement rather than in state court in the first instance. Walton cannot bypass his union, his sole and exclusive bargaining agent, to demand that Roosevelt deal with him directly on this issue. Walton comes to the court attempting to represent a class of similarly situated employees over a workplace grievance, but that is a place for his union, not Walton himself. Federal law prevents state courts from stepping in and usurping the bargained-for dispute resolution framework where the parties have elected to establish a working relationship that comes within the purview of the Labor Management Relations Act. Accordingly, we answer the certified question in the affirmative and find that Privacy Act claims asserted by bargaining unit employees covered by a collective bargaining agreement are preempted under federal law.

Conclusion

The bottom line is that employers using, or planning to use, biometric devices (timeclocks, facial recognition, etc.) in the workplace need to be aware of the biometric privacy legislation applicable to the jurisdictions where they do business and where their employees (and others interacting with those devices) reside. In particular, employers subject to a collective bargaining agreement under the Labor Management Relations Act (29 U.S.C. § 185 (2018)) need to understand their compliance responsibilities when using biometric devices and the relationship to their employee’s rights, and the business’s potentially significant liabilities under BIPA-type legislation.

    Authors