WeWork allegedly uses facial scans to track people in its shared office spaces without informed written consent, in violation of the Illinois Biometric Information Privacy Act, according to a class complaint in Illinois state court.
“When individuals arrive at a WeWork office space, each Defendant requires them to have their facial geometry scanned to enroll them in We Work’s database(s),” plaintiff Elliot Osborne alleges.
The lawsuit highlights the risks for gig economy companies in gathering Illinois residents’ biometric data. Most Illinois biometric privacy cases are filed by employees against their employers for using fingerprint time-keeping systems and other biometric identifiers to track employee movement without the required consent.
WeWork collects the biometric data without getting informed written consent, Osborne alleged in his Nov. 5 complaint.
BIPA allows for $1,000 to $5,000 in statutory damages per violation. That could mean significant liability for WeWork, depending on the size of the potential class and the viability of the plaintiff’s claims.
“Any business operating in Illinois that collects biometric data from its employees, customers, or other third parties risks substantial monetary exposure if it does not comply with the requirements of” BIPA, Phillip Schreiber, privacy partner at Holland and Knight LLP in Chicago, said.
A January Illinois Supreme Court ruling in Rosenbach v. Six Flags Entertainment Corp. could help such lawsuits survive early challenges. The state high court ruled that individuals can bring BIPA claims without showing they were harmed by the biometric collection. Plaintiffs only have to show that a defendant violated their legal rights under BIPA.
“Rosenbach has made it much easier to get it past initial challenges,” Mary Smigielski, a privacy partner at Lewis Brisbois Bisgaard & Smith LLP in Chicago, said. The case also has increased the number of BIPA class actions filed, she said.
But beating an early dismissal battle doesn’t mean a plaintiff ultimately will win a BIPA case, privacy attorneys said.
“There remain many open issues that have yet to be decided by the courts and which could prove fatal to many BIPA claims,” Schreiber said. Questions still swirl around what constitutes biometric information under the law, he said.
Defendants in BIPA cases can challenge the statute of limitations, whether alleged biometric privacy violations can be remediated, and the overall definition of biometric identifiers, Joel Hammerman, litigation partner at Faegre Baker Daniels LLP in Chicago, said. Questions about whether companies “collected or distributed or transmitted” biometric identifiers under the law are likely to be litigated, he said.
Cause of Action: Violations of the Illinois Biometric Information Privacy Act
Relief Requested: Declaratory relief, injunctive relief, statutory damages, and attorney’s costs
Response: “WeWork does not use facial recognition technology to monitor people in our locations. We consider privacy to be a fundamental right and we are committed to protecting the privacy of our members. We intend to fight this lawsuit,” a company spokesman said.
Attorneys: Stephan Zouras LLP represents the plaintiffs. Attorneys for WeWork couldn’t be immediately identified.
The case is Elliot v. WeWork Cos., Ill. Cir. Ct., No. 2019-CH-12856, complaint 11/5/19.