Biometric Information Privacy Act – Critical Interactions with Workers’ Compensation Act
By Alan S. Wernick, Esq., Aronberg Goldgehn
February 2022 saw several court decisions concerning the Illinois Biometric Information Privacy Act (“BIPA”) (740 ILCS 14/1 et seq.). One state court decision looks at the exclusivity provisions of the Illinois Workers’ Compensation Act in light of BIPA. This article provides a brief review of this case and concludes with some thoughts for business leaders regarding their BIPA compliance and potential liabilities.
BIPA and Workers’ Compensation
In a February 3, 2022, decision, the Illinois Supreme Court held that the exclusivity provisions of the Illinois Workers’ Compensation Act (“Compensation Act”) (820 ILCS 305/1 et seq.) do not bar a claim for statutory damages under the Biometric Information Privacy Act (“BIPA”) where an employer is alleged to have violated an employee’s statutory privacy rights under BIPA.
The plaintiff (employee) in McDonald v. Symphony Bronzeville Park, LLC, et al., 2022 WL 318649 (Illinois Supreme Court, 20220203) was seeking damages under BIPA and attempting to form a class. The defendants (the employer) filed a motion to dismiss the plaintiff’s class action complaint, asserting, inter alia, that plaintiff and the putative class’s alleged claims were barred by the exclusive remedy provisions of the Compensation Act. Defendant argued that the Compensation Act is the exclusive remedy for accidental injuries transpiring in the workplace and that an employee has no common-law or statutory right to recover civil damages from an employer for injuries incurred in the course of her employment.
In its analysis the Illinois Supreme Court stated, “The personal and societal injuries caused by violating the Privacy Act’s prophylactic requirements are different in nature and scope from the physical and psychological work injuries … compensable under the Compensation Act. The Privacy Act involves prophylactic measures to prevent compromise of an individual’s biometrics. Rosenbach, 2019 IL 123186, ¶ 36 [432 Ill.Dec. 654, 129 N.E.3d 1197]. McDonald’s [plaintiff] claim seeks redress for the lost opportunity ‘to say no by withholding consent.’ Id. ¶ 34. McDonald alleges that Bronzeville [employer] has violated her and the class’s right to maintain their biometric privacy. See id.” (For a more detailed discussion, see “Biometric Information – Permanent Personally Identifiable Information Risk” at http://bit.ly/BIP-PII-RISK-ABA-BUS-CORP-LIT20190702.)
The Illinois Supreme Court distinguished the different purposes of the Compensation Act and BIPA and commented on the legislative intent (at 2022 IL 126511, ¶ 48):
We are cognizant of the substantial consequences the legislature intended as a result of Privacy Act violations. Pursuant to the Privacy Act, the General Assembly has adopted a strategy to limit the risks posed by the growing use of biometrics by businesses and the difficulty in providing meaningful recourse once a person’s biometric identifiers or biometric information has been compromised. Rosenbach [supra], 2019 IL 123186, ¶ 35; … “It is clear that the legislature intended for this provision to have substantial force.” [Rosenbach supra at 2019 IL 123186], ¶ 37.
Conclusion
The bottom line is that employers using, or planning to use, biometric devices (timeclocks, facial recognition, etc.) in the workplace need to be aware of the biometric privacy legislation applicable to the jurisdictions where they do business and where their employees (and others interacting with those devices) reside. In particular, employers subject to a Workers’ Compensation Act need to understand their compliance responsibilities when using biometric devices and the relationship to their employee’s rights, and the business’s potentially significant liabilities under BIPA-type legislation.
Biometric Information Privacy Act – Critical Interactions with Collective Bargaining Agreements
By Alan S. Wernick, Esq., Aronberg Goldgehn
February 2022 saw several court decisions concerning the Illinois Biometric Information Privacy Act (“BIPA”) (740 ILCS 14/1 et seq.). One state court decision examines Section 301 of the Labor Management Relations Act (29 U.S.C. §185) and how BIPA reflects on collective bargaining agreements. This article provides a brief review of this case and concludes with some thoughts for business leaders regarding BIPA compliance and potential liabilities.
BIPA and Collective Bargaining Agreements
In a February 22, 2022, decision, the Appellate Court of Illinois, First District, held that plaintiff (union employee) and his fellow unionized employees are not prohibited from pursuing redress for a violation of their right under BIPA to biometric privacy—they are simply required to pursue those rights first through the grievance procedures in their collective bargaining agreement rather than in state court. In essence, the Illinois Appellate Court determined that a union member-employee (plaintiff) “cannot bypass his union, his sole and exclusive bargaining agent,” to demand that the employer “deal with him directly” on the issue of biometric privacy.
The plaintiff in William Walton, Individually and on Behalf of Others Similarly Situated, v. Roosevelt University, 2022 WL 522760 (Appellate Court of Illinois, 1st District, 2nd Division, 20220222) alleged claims under BIPA. The defendant argued that the claims asserted by the plaintiff are preempted and moved to dismiss the complaint. The circuit court denied the motion to dismiss but certified the relevant question (“Does Section 301 of the Labor Management Relations Act (29 U.S.C. § 185) preempt [Privacy Act] claims (740 ILCS 14/1) asserted by bargaining unit employees covered by a collective bargaining agreement?”) for interlocutory review.
The Illinois Court of Appeals noted that while the Walton appeal was pending, the U.S. Court of Appeals for the Seventh Circuit directly addressed the question in this appeal. In Fernandez v. Kerry, Inc., 14 F.4th 644, 646-47 (7th Cir. 2021), the U.S. court of appeals found that unionized employees’ claims that their employer violated BIPA were preempted by the Labor Management Relations Act (29 U.S.C. § 185). Walton (plaintiff) conceded at oral argument that the relevant factual and legal circumstances of this case were indistinguishable from Fernandez, so, as noted by the Court, the Court’s real objective in this appeal was to determine whether the court of appeals’ ruling on a matter of federal law was wrongly decided in such a way that the Court would deem it to be without logic and reason. (For a more detailed discussion, see “Biometric Information Privacy Act and Collective Bargaining Agreements.”)
In answering the certified question, the Illinois Court of Appeals held:
Walton and his fellow unionized employees are not prohibited from pursuing redress for a violation of their right to biometric privacy—they are simply required to pursue those rights through the grievance procedures in their collective bargaining agreement rather than in state court in the first instance. Walton cannot bypass his union, his sole and exclusive bargaining agent, to demand that Roosevelt deal with him directly on this issue. Walton comes to the court attempting to represent a class of similarly situated employees over a workplace grievance, but that is a place for his union, not Walton himself. Federal law prevents state courts from stepping in and usurping the bargained-for dispute resolution framework where the parties have elected to establish a working relationship that comes within the purview of the Labor Management Relations Act. Accordingly, we answer the certified question in the affirmative and find that Privacy Act claims asserted by bargaining unit employees covered by a collective bargaining agreement are preempted under federal law.
Conclusion
The bottom line is that employers using, or planning to use, biometric devices (timeclocks, facial recognition, etc.) in the workplace need to be aware of the biometric privacy legislation applicable to the jurisdictions where they do business and where their employees (and others interacting with those devices) reside. In particular, employers subject to a collective bargaining agreement under the Labor Management Relations Act (29 U.S.C. § 185 (2018)) need to understand their compliance responsibilities when using biometric devices and the relationship to their employee’s rights, and the business’s potentially significant liabilities under BIPA-type legislation.