Sign up for more with a complimentary subscription to Today’s General Counsel magazine.
Walmart Facing BIPA Lawsuit
September 20, 2022
A class action has been filed in Illinois federal court alleging that Walmart’s practice of collecting, storing and using customers’ biometric information without obtaining their informed written consent violates the Illinois Biometric Information Privacy Act (BIPA). According to the lead plaintiff, Walmart stores in Illinois have cameras and advanced video surveillance systems that surreptitiously collect customers’ facial scans. Walmart allegedly uses Clearview AI software to match customers’ facial scans against scans in Clearview’s facial recognition database. BIPA requires companies to inform people in writing that their biometric information is being collected or stored, and the purpose and length of time for which it will be stored or used. It also prohibits leasing, selling or otherwise profiting from biometric data. The class action alleges Walmart violates this provision by sending customers’ facial data through the Clearview Biometric Database without their knowledge or consent. Many insurers have added specific BIPA exclusions to their D&O policies, some targeting specific industries or services, others excluding BIPA across the board on all accounts. Risk managers need to assess this exclusion and its potential impact. Defendants facing lawsuits alleging violations of biometric data privacy regulations might find coverage under D&O liability, employment practices liability or cyber liability policies, but existing exclusions might bar coverage. In 2018 and 2019, according to Seyfarth Shaw LLP, more than 200 class actions were filed charging violations of BIPA. Private company D&O policies typically exclude bodily injury and property damage, with wordings that may include “invasion of privacy.” That could preclude coverage for biometric data privacy lawsuits if plaintiffs allege invasion of privacy.
Share this post: