WBE filed suit in the Circuit Court of Cook County against Servall Biometrics, makers of “Patronscan” hardware and software, Norman v. Servall Biometrics d/b/a Patronscan, 2023-CH-02874, on March 24, 2023. Plaintiff, in a putative class action, alleges that the company illegally violates patrons’ privacy rights under the Illinois Biometric Information Privacy Act (BIPA) by collecting, using, storing, and sharing patrons’ facial scans without giving proper disclosures and obtaining patrons’ written informed consent.
If you or someone you know has been subject to a facial scan from a Patronscan device as a means of identity verification at a bar, marijuana dispensary, event venue, concert hall, sports arena, or car dealership, contact WBE to discuss joining the Patronscan biometric privacy lawsuit.
Patronscan has moved beyond the realm of traditional facial-recognition software, and examines and captures thousands of data points and pixels to run a patron’s facial scan and ID against its growing database of more than 50,000 criminals, “troublemakers,” and “V.I.P.’s”
Patronscan readily admits that it retains the biometric data of customers for inclusion in its flagged database, advertising the service as the equivalent of a “bouncer that never forgets a face,” which violates BIPA when the screener isn’t providing sufficient disclosures. And in the regular course of its business, Patronscan may share captured biometric data of patrons with third-party customers, including the business itself, or law enforcement officials without a warrant or subpoena, which also violates BIPA. Patronscan flagrantly tramples on the privacy rights of individuals in Illinois by so doing without disclosures sufficiently informing any given patron of how their biometric data will be maintained, used, and potentially employed for profit.
Understanding Your Privacy Rights Under BIPA
The State of Illinois enacted BIPA in 2008, with the purpose of serving public welfare, security, and safety by regulating the collection, use, safeguarding, handling, storage, retention, and destruction of biometric identifiers and information. These identifiers can include retina or iris scans, fingerprints, voice recognition, or scans of facial geometry. The legislation recognized that the consequences of biometric technology are not fully known, and once compromised, an individual is left with no recourse.
BIPA addresses these dangers by providing a right of action to any person who is subjected to a violation of the Act within the State of Illinois. Violations of BIPA can include:
- Collecting and capturing biometric information before first informing the subject in writing that a biometric identifier is being collected or stored.
- Failing to obtain a person’s consent before disclosing, redisclosing, or otherwise disseminating a person’s biometric information to a third-party.
- Failing to establish a publicly available policy detailing a retention schedule and guidelines for permanently destroying biometric identifiers and information.
- Profiting in any way from the use of biometric identifiers and information.