Illinois McDonald’s Enter $50 Million Settlement for Alleged BIPA Violation

Written by: Brock Wolf, Esq.

Illinois’ Biometric Information Privacy Act (“BIPA”) is arguably the nation’s strictest when it comes to biometric information. Biometric information protected by BIPA includes fingerprints, retina or iris scans, hand scans, facial recognition, DNA and other unique biological information.

Passed in 2008, BIPA requires that before companies may collect or otherwise obtain biometric information, it must first inform the individual in writing (1) that biometric information is being collected and stored, and (2) of the specific purpose and length of time that such information will be collected, stored and used. Additionally, businesses must receive a written release executed by the individual authorizing such use. Businesses must also refrain from selling or otherwise profiting from biometric data without prior consent.

BIPA notably creates a private right of action for consumers, who can sue for damages of $1,000 for negligent violations of BIPA and $5,000 for intentional or reckless violations of BIPA. Prevailing plaintiffs may also receive attorneys’ fees and costs and injunctive relief. The private right of action has paved the way for hundreds of class action lawsuits.

Employees of McDonald’s in Illinois are among the latest to bring suit under the law. In November 2021, a $50 million dollar class action settlement was given preliminary court approval. The lawsuit names McDonald’s Corp., McDonald’s USA LLC, McDonald’s Restaurants of Illinois Inc. and various McDonald’s franchisees as defendants.

The lawsuit alleges that McDonalds restaurants in Illinois had software and systems in place that collected employee biometric information upon login. The defendants allegedly did not provide required disclosures under BIPA nor obtain consent. Potential class members had until February 9, 2022 to submit a claim, object or opt out of the settlement. The final approval hearing in the settlement will take place on February 25, 2022.

Businesses that operate in Illinois should remain wary of their biometric data practices. While innovative technologies that rely on biometric data may streamline processes or save costs, businesses need to ensure that they are adequately disclosing the collection and use of such information, as well as obtaining adequate consent.