Bryant v. Compass Group U.S.A., Inc., No. 20-1443 (7th Cir. 2020)
Annotate this Case
Justia Opinion Summary
Want to stay in the know about new opinions from the Seventh Circuit US Court of Appeals?
Sign up for free summaries delivered directly to your inbox. Learn More ›
You already receive new opinion summaries from Seventh Circuit US Court of Appeals. Did you know we offer summary newsletters for even more practice areas and jurisdictions? Explore them here.
Bryant's Illinois employer had a cafeteria, containing vending machines owned and operated by Compass. The machines did not accept cash; a user had to establish an account using her fingerprint. Fingerprints are “biometric identifiers” under the Illinois Biometric Information Privacy Act (BIPA). In violation of BIPA, Compass never made publicly available a retention schedule and guidelines for permanently destroying the biometric identifiers and information it was collecting; never informed Bryant in writing that her biometric identifier was being collected or stored, of the specific purpose and length of term for which her fingerprint was being collected, stored, and used; nor obtained Bryant’s written release to collect, store, and use her fingerprint.
Bryant brought a putative class action in state court; BIPA provides a private right of action to persons “aggrieved” by a violation. Compass removed the action to federal court under the Class Action Fairness Act, 28 U.S.C. 1332(d), on the basis of diversity of citizenship and an amount in controversy exceeding $5 million. Bryant successfully moved to remand the action, claiming that the district court did not have subject-matter jurisdiction because she lacked the concrete injury-in-fact necessary for Article III standing. State law poses no such problem. The district court found that Compass’s alleged violations were bare procedural violations that caused no concrete harm to Bryant. The Seventh Circuit reversed. The failure to follow BIPA leads to an invasion of personal rights that is both concrete and particularized.
The court issued a subsequent related opinion or order on June 30, 2020.
Download PDF
In the United States Court of Appeals For the Seventh Circuit ____________________ No. 20-1443 CHRISTINE BRYANT, Plaintiff-Appellee, v. COMPASS GROUP USA, INC., Defendant-Appellant. ____________________ Appeal from the United States District Court for the Northern District of Illinois, Eastern Division. No. 19 C 6622 — Virginia M. Kendall, Judge. ____________________ ARGUED APRIL 24, 2020 — DECIDED MAY 5, 2020 ____________________ Before WOOD, Chief Judge, and RIPPLE and ROVNER, Circuit Judges. WOOD, Chief Judge. Section 15(b) of Illinois’s Biometric Information Privacy Act (BIPA), 740 ILCS 14 (2008), regulates the collection, use, and retention of a person’s biometric identifiers or information. It requires collectors of this material to obtain the written informed consent of any person whose data is acquired. This regime is designed to protect consumers against the threat of irreparable privacy harms, identity theft, 2 No. 20-1443 and other economic injuries arising from the increasing use of biometric identifiers and information by private entities. As a matter of state law, anyone “aggrieved” by a violation of the disclosure and informed consent obligations is entitled to bring a private action against the alleged o ender. The question now before us is whether, for federal-court purposes, such a person has su ered the kind of injury-in-fact that supports Article III standing. We conclude that a failure to follow section 15(b) of the law leads to an invasion of personal rights that is both concrete and particularized. See Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016). We therefore reverse the district court’s order remanding this case to state court and remand for further proceedings. I The underlying facts of the case are straightforward. Christine Bryant worked for a call center in Illinois. As a convenience for its employees, the center had a workplace cafeteria, in which it had installed Smart Market vending machines owned and operated by Compass Group USA, Inc. The machines did not accept cash; instead, a user had to establish an account using her fingerprint. Accordingly, during her orientation Bryant and her coworkers were instructed by their employer to scan their fingerprints into the Smart Market system and establish a payment link to create user accounts. Once their accounts were active, employees could purchase items and add money to their balance using just their fingerprints. Their fingerprints are “biometric identifiers” within the meaning of the Act. 740 ILCS 14/10. In violation of section 15(a) of BIPA, id. § 15(a), Compass never made publicly available a retention schedule and No. 20-1443 3 guidelines for permanently destroying the biometric identifiers and information it was collecting and storing. In addition, in violation of section 15(b), Compass never: (1) informed Bryant in writing that her biometric identifier (fingerprint) was being collected or stored, (2) informed Bryant in writing of the specific purpose and length of term for which her fingerprint was being collected, stored, and used, or (3) obtained Bryant’s written release to collect, store, and use her fingerprint. Id. § 15(b). Bryant does not assert that she did not know that her fingerprint was being collected and stored, nor why this was happening. She voluntarily created a user account for the Smart Market vending machines and regularly made use of the fingerprint scanner to purchase items from the machines. She contends simply that Compass’s failure to make the requisite disclosures denied her the ability to give informed written consent as required by section 15(b). Compass’s failure to comply with the Act resulted, both for her and others similarly situated, in the loss of the right to control their biometric identifiers and information. Seeking redress for that invasion of her personal data, on August 13, 2019, Bryant brought a putative class action against Compass in the Circuit Court of Cook County, pursuant to BIPA’s provision providing a private right of action in state court to persons “aggrieved” by a violation of the statute. See 740 ILCS 14/20; Rosenbach v. Six Flags Entm’t Corp., 432 Ill. Dec. 654 (Ill. 2019). Bryant seeks to represent a class of Illinois citizens who used Compass’s Smart Market biometricenabled vending machines after August 2014. She alleges that Compass violated her and class members’ statutory rights under BIPA when it collected users’ fingerprints without first 4 No. 20-1443 making the required written disclosures about use and retention and without written authorization. See 740 ILCS 14/15(a)–(b). For purposes of the standing issue before us, we accept Bryant’s allegations as true. Compass removed the action to federal court under the Class Action Fairness Act (CAFA), 28 U.S.C. § 1332(d), on the basis of diversity of citizenship and an amount in controversy exceeding $5 million. Compass is incorporated in Delaware and has its principal place of business in North Carolina; Bryant is a citizen of Illinois. This is enough to assure the minimal diversity required by CAFA. The requisite amount in controversy is also secure: claims of individual class members are aggregated for purposes of CAFA, see 28 U.S.C. § 1332(d)(6), and here, BIPA authorizes statutory damages of $5,000 for each intentional or reckless violation. 740 ILCS 14/20(1)–(2). Compass asserts, and Bryant does not contest, that the alleged class has at least 1,000 members. Bryant moved to remand the action to the state court, claiming that the district court did not have subject-matter jurisdiction because she lacked the concrete injury-in-fact necessary to satisfy the federal requirement for Article III standing. (State law apparently poses no such problem, we note, as the Illinois Supreme Court pointed out in Rosenbach.) The district court found that Compass’s alleged violations of sections 15(a) and (b) were bare procedural violations that caused no concrete harm to Bryant; accordingly, it remanded the action to the state court. Compass petitioned this court for permission to appeal the remand order under 28 U.S.C. § 1453(c); on March 13, 2020, we accepted the appeal. No. 20-1443 5 II A As the party invoking federal jurisdiction, Compass bears the burden of establishing Bryant’s Article III standing. See Collier v. SP Plus Corp., 889 F.3d 894, 896 (7th Cir. 2018) (per curiam). This fact has occasioned a role reversal in the arguments we normally see in these cases, with the defendant insisting that Article III standing is solid, and the plainti casting doubt on it. For Bryant to have Article III standing, three requirements must be satisfied: (1) she must have su ered an actual or imminent, concrete and particularized injury-in-fact; (2) there must be a causal connection between her injury and the conduct complained of; and (3) there must be a likelihood that this injury will be redressed by a favorable decision. Lujan v. Defs. of Wildlife, 504 U.S. 555, 560–61 (1992). Only the first of those criteria is at issue here: any injury she su ered was caused directly by Compass’s failure to comply with BIPA, and the prospect of statutory damages shows that such an injury is redressable. In Spokeo, the Supreme Court explained that a “concrete” injury must actually exist but need not be tangible. 136 S. Ct. at 1548–49. A legislature may “elevate to the status of legally cognizable injuries concrete, de facto injuries that were previously inadequate in law.” Id. (quoting Lujan, 504 U.S. at 578). But “a bare procedural violation, divorced from any concrete harm,” does not “satisfy the injury-in-fact requirement of Article III.” Id. “Instead, the plainti must show that the statutory violation presented an ‘appreciable risk of harm’ to the underlying concrete interest that [the legislature] sought to 6 No. 20-1443 protect by enacting the statute.” Groshek v. Time Warner Cable, Inc., 865 F.3d 884, 887 (7th Cir. 2017) (quoting Meyers v. Nicolet Rest. of De Pere, LLC, 843 F.3d 724, 727 (7th Cir. 2016)). Compass urges that BIPA has elevated to protectible status a person’s inherent right to control her own body, including the associated biometric identifiers and information. The violation or trespass upon that right, it reasons, is a concrete injury-in-fact for standing purposes. Compass relies on the Illinois Supreme Court’s recent decision in Rosenbach, in which that court decided who qualifies as an “aggrieved” person for purposes of a state-court action pursuant to BIPA. The state supreme court had no cause to consider Article III standing requirements, but Compass argues that its conclusions about the interests BIPA was intended to protect nonetheless shed light on the question before us. In Rosenbach, the plainti alleged that defendant Six Flags violated the procedures spelled out in section 15(b). 432 Ill. Dec. at 658–59. Six Flags argued that the plainti had to allege more in order to pursue her action—some tangible injury or harm. Id. at 659. The Illinois appellate court agreed with that contention, but the Illinois Supreme Court reversed, explaining that it is the well-established understanding in Illinois that “a person is prejudiced or aggrieved, in the legal sense, when a legal right is invaded by the act complained of or his pecuniary interest is directly a ected by the decree or judgment.” Id. at 662 (internal citation and quotation marks omitted). Because section 15(b) of BIPA confers a right to receive certain information from an entity that collects, stores, or uses a person’s biometric information, the violation of that right, standing alone, is an actionable grievance. Id. at 663. No. 20-1443 7 Compass highlights the fact that the Illinois Supreme Court recognized that “[t]hrough the Act, our General Assembly has codified that individuals possess a right to privacy in and control over their biometric identifiers and biometric information.” Id. A key part of the right to control biometric information is “the power to say no by withholding consent.” Id. When an entity fails to adhere to the statutory procedures and thereby denies someone the ability to make an informed decision about whether to provide her biometric identifier, “the right of the individual to maintain his or her biometric privacy vanishes into thin air” and “[t]he precise harm the Illinois legislature sought to prevent is then realized.” Id. (internal citation and quotation marks omitted). And as Compass emphasizes, the court declared that such a violation “is no mere ‘technicality.’ The injury is real and significant.” Id. In Compass’s view, the Illinois Supreme Court’s characterization of BIPA’s purpose and the nature of the injury is dispositive. Helpful though Rosenbach may be, however, we cannot uncritically assume perfect overlap between the question before the state court and the one before us. As we alluded to earlier, standing requirements in Illinois courts are more lenient than those imposed by Article III. See Greer v. Illinois Hous. Dev. Auth., 122 Ill. 2d 462, 491 (1988) (“We are not, of course, required to follow the Federal law on issues of justiciability and standing.”); Duncan v. FedEx O ce and Print Servs., Inc., 429 Ill. Dec. 190, 197 (Ill. App. Ct. 2019) (“Illinois courts generally are not as restrictive as federal courts in recognizing the standing of a plainti to bring a claim. Although federal law and Illinois law both require an ‘injury in fact’ to find standing, it does not necessarily mean that both forums define that 8 No. 20-1443 requirement in the same way.” (internal citations and quotation marks omitted)). As understood by Illinois courts, for an injury-in-fact to be considered “‘actual’ does not mean that a wrong must have been committed and an injury inflicted; rather, the term requires a showing that the underlying facts and issues of the case are not moot or premature.” Messenger v. Edgar, 157 Ill. 2d 162, 170 (1993). In short, federal courts and Illinois courts define “injuryin-fact” di erently. With this in mind, we must independently determine whether the BIPA violations Bryant alleges su ce to support Article III standing. B There have been only a few BIPA cases in federal circuit courts; none has decided the precise standing question presented here. We describe them briefly in order to show how far they did, or did not, go. In Miller v. Southwest Airlines Co., 926 F.3d 898 (7th Cir. 2019), we held that union airline workers had standing to bring claims of violations of sections 15(a) and (b) of BIPA in federal court. We found that the workers had alleged the “concrete dimension” necessary to establish Article III injuryin-fact because they faced the “prospect of a material change in [their] terms and conditions of employment,” if the employer, in light of the Act, had to bargain with the employee union to obtain employees’ consent or change how employees clocked in. Id. at 902. Additionally, the employees alleged a heightened risk of improper dissemination of biometric information if the employers were “not following the statutory data-retention limit and … used outside parties to administer their timekeeping systems.” Id. No. 20-1443 9 In Patel v. Facebook, Inc., 932 F.3d 1264 (9th Cir. 2019), the Ninth Circuit held that plainti s alleged a su ciently concrete injury for Article III standing purposes when they claimed that Facebook’s use of facial-recognition technology without users’ informed consent violated Illinois’s BIPA. The court concluded that the common-law right to privacy supplied a concrete interest that was infringed by an “invasion of an individual’s biometric privacy rights.” Id. at 1273. It also noted that the BIPA provisions at issue were intended “to protect an individual’s ‘concrete interests’ in privacy, not merely procedural rights.” Id. at 1274. In contrast, in a nonprecedential disposition the Second Circuit concluded that a plainti bringing Illinois BIPA claims against a video-game company lacked Article III standing because none of the alleged procedural violations raised “a material risk of harm” to a plainti ’s interest in “prevent[ing] the unauthorized use, collection, or disclosure of an individual’s biometric data.” Santana v. Take-Two Interactive Software, Inc., 717 F. App’x 12, 15 (2d Cir. 2017) (summary order). The allegations showed that the plainti had already given as much consent as one could imagine, by agreeing to the scan of his face, sitting still for fifteen minutes while the scan took place, and creating his game avatar for use in online games. All that was left was a bare procedural violation. The majority of the district courts in this circuit have rejected standing for plainti s alleging only violations of sections 15(a) and (b), without some further harm. See Hunter v. Automated Health Sys., Inc., 2020 WL 833180 (N.D. Ill. Feb. 20, 2020); Colon v. Dynacast, LLC, 2019 WL 5536834 (N.D. Ill. Oct. 17, 2019); McGinnis v. United States Cold Storage, Inc., 382 F. Supp. 3d 813 (N.D. Ill. 2019); Aguilar v. Rexnord LLC, 2018 WL 10 No. 20-1443 3239715 (N.D. Ill. July 3, 2018); Goings v. UGN, Inc., 2018 WL 2966970 (N.D. Ill. June 13, 2018); Howe v. Speedway LLC, 2018 WL 2445541 (N.D. Ill. May 31, 2018); McCollough v. Smarte Carte, Inc., 2016 WL 4077108 (N.D. Ill. Aug. 1, 2016); but see Figueroa v. Kronos Inc., 2020 WL 1848206 (N.D. Ill. Apr. 13, 2020). These decisions are not binding on us, however, and they did not rest on the nature of the interest BIPA seeks to protect—personal or public (see Spokeo, Thomas, J., concurring), informational, or formal. We consider this a question of first impression. C Our starting point is Spokeo itself, which provides substantial guidance about cases alleging the kind of intangible harm to personal interests that Bryant asserts. In addition, her rightto-control claim is fundamentally about the informed consent requirement in section 15(b); this gives rise to a question about informational injury, and more broadly about how Compass’s collection, storage, and use of Bryant’s fingerprint, even for purposes of which she was fully aware, might be a concrete injury either because it is closely analogous to historical claims for invasion of privacy or because she lost her right to control her own biometric information and e ectively yielded it to Compass. We begin with a closer look at Spokeo, and we then look at other examples of the harm (or lack thereof) from a company’s failure to disclose information it was obligated by law to provide to a consumer. The statute at issue in Spokeo was the Fair Credit Reporting Act (FCRA). Spokeo was a company that called itself a “people search engine.” Customers could ask it to scour a wide variety of sources for information about someone, and it No. 20-1443 11 would return a report to them. Someone asked Spokeo to prepare such a report on plainti Robins. It did so, and Robins eventually found out about the report, which he said was riddled with inaccuracies. Citing a number of injuries that he alleged this report had inflicted, or would inflict upon him, notably a number of adverse e ects on his ongoing job search, Robins filed a suit against Spokeo under FCRA. The district court dismissed his action for lack of Article III standing, but the Ninth Circuit reversed. The Supreme Court took the case to consider the standing issue. In the end, it did not rule one way or the other on Robins’s standing. It found instead that the Ninth Circuit had used the wrong test for injury-in-fact. That court had focused exclusively on the question whether Robins had alleged a particularized harm, which the Supreme Court was willing to assume that he had. But, while necessary, the Court held that this was not su cient. 136 S. Ct. at 1548. Article III also requires an injury that is concrete. Explaining, the Court said that “[a] ‘concrete’ injury must be ‘de facto’; that is, it must actually exist.” Id. But, it added, “‘[c]oncrete’ is not, however, necessarily synonymous with ‘tangible.’ Although tangible injuries are perhaps easier to recognize, we have confirmed in many of our previous cases that intangible injuries can nevertheless be concrete.” Id. at 1549. In addition, the risk of real harm can suffice, id., and injury-in-fact is not defeated just because the injury is “di cult to prove or measure,” id. Because the court of appeals failed to address the concreteness criterion, the Supreme Court thought it best to remand for application of the proper test. In essence, the task was to decide whether, in the relevant part of FCRA, Congress had identified a concrete injury that met Article III minima and 12 No. 20-1443 created a right for people in Robins’s position to sue on that claim, or if Robins was complaining about no more than a “bare procedural violation,” id. at 1550, which would not be enough to engage the judicial power.1 Justice Thomas joined the majority’s opinion, but he added a concurrence that drew a useful distinction between two types of injuries. The first, he said, arises when a private plainti asserts a violation of her own rights; the second occurs when a private plainti seeks to vindicate public rights. As examples of the first, he mentioned actions for trespass, infringement of intellectual property rights, and unjust enrichment, id. at 1551; as examples of the second, he pointed to actions seeking to abate a public nuisance, or disputes over the use of public land, id. at 1551–52. Applying Justice Thomas’s rubric, we have no trouble concluding that Bryant was asserting a violation of her own rights—her fingerprints, her private information—and that this is enough to show injury-in-fact without further tangible consequences. This was no bare procedural violation; it was an invasion of her private domain, much like an act of trespass would be. Each individual person has distinct biometric identifiers. The common interest in robust protections of personal privacy, however, is the same as the shared support for the types of laws Justice Thomas mentioned. A direct application of Spokeo, in our view, leads to the result that Bryant satisfied the injury-in-fact requirement of Article III. 1 On remand, the Ninth Circuit concluded that Robins had adequately alleged both a concrete and a particular interest for Article III purposes, and so it found that he had standing to sue. Robins v. Spokeo, Inc., 867 F.3d 1108, 1118 (9th Cir. 2017), cert. denied, 138 S. Ct. 931 (2018). No. 20-1443 13 If we instead analyze this case as a type of informational injury, we come to the same conclusion. Usually these cases arise when information that is required by statute to be disclosed to the public is withheld. See, e.g., Fed. Election Comm’n v. Akins, 524 U.S. 11, 19–25 (1998). The injury inflicted by nondisclosure is concrete if the plainti establishes that the withholding impaired her ability to use the information in a way the statute envisioned. See Bensman v. U.S. Forest Serv., 408 F.3d 945, 955–56 (7th Cir. 2005); see also Akins, 524 U.S. at 20– 21 (plainti s’ inability to obtain information with which they could more e ectively evaluate candidates for public o ce “is injury of a kind that [the Federal Election Campaign Act] seeks to address”); Pub. Citizen v. U.S. Dep’t of Justice, 491 U.S. 440, 449 (1989) (“[R]efusal to permit appellants to scrutinize the [American Bar Association] Committee’s activities to the extent [the Federal Advisory Committee Act] allows constitutes a su ciently distinct injury to provide standing to sue.”). Our recent decisions on informational injuries are instructive. In Groshek v. Time Warner Cable, the plainti argued that his prospective employer violated FCRA’s requirement that an employer seeking to obtain a consumer report on a prospective employee had to give the applicant a stand-alone written disclosure stating that a consumer report may be obtained. 865 F.3d at 884–89. Instead of a stand-alone disclosure document, Time Warner provided Groshek with a document that contained the required disclosure as well as other information. Groshek signed the form, thereby authorizing Time Warner to obtain his consumer report. We concluded that Time Warner’s violation of the stand-alone disclosure requirement inflicted only “a statutory violation completely removed from any concrete harm or appreciable risk of harm.” Id. at 14 No. 20-1443 887. Critically, FCRA “does not seek to protect Groshek from the kind of harm he claims he has su ered, i.e., receipt of a non-compliant disclosure.” Id. at 888. Instead, the purpose of FCRA is “to decrease the risk that a job applicant would unknowingly consent to allowing a prospective employer to procure a consumer report.” Id. Groshek did not allege that he was unable to give knowing and informed consent because the disclosure document he received also contained other information; thus, he did not allege a concrete injury that Congress made cognizable. In Robertson v. Allied Solutions, LLC, 902 F.3d 690 (7th Cir. 2018), in contrast, a company failed to provide a prospective employee with a copy of her background report before rescinding her employment o er on the basis of information contained in that report. We held that this omission constituted an injury-in-fact for a FCRA claim. Robertson’s informational injury was both particularized and concrete because she had a “substantive interest,” protected by FCRA, in being able to “review the reason for any adverse decision and to respond.” Id. at 696. The critical question, we said, is whether “the plainti is entitled to receive and review substantive information.” Id. at 697 (emphasis added). “Article III’s strictures are met not only when a plainti complains of being deprived of some benefit, but also when a plainti complains that she was deprived of a chance to obtain a benefit.” Id. Accordingly, it was “immaterial” that Robertson did not plead what she would have done if she had been given the chance to respond. Id. It was su cient that Robertson, unlike Groshek, was wholly deprived of the information necessary to respond in the way FCRA contemplated. No. 20-1443 15 It is possible, however, to plead oneself out of court. That is what happened in Casillas v. Madison Avenue Associates, 926 F.3d 329 (7th Cir. 2019). In that case, a debt collector failed to inform a debtor that any response to its debt collection notice needed to be in writing, as the Fair Debt Collection Practices Act required. We drew a contrast between the substantive information the plainti in Robertson was denied—information on which her prospective employer relied when rescinding her employment o er—and the purely procedural flaw in Casillas’s case. Casillas pointed to nothing that hinged on the di erence between oral and written notice and gave no reason to think that any harm resulted from the type of notice she received. Id. at 334–35. Indeed, she admitted that no amount of notice or information would have changed her behavior. In those circumstances, Casillas lacked standing to sue the debt collector for its technical violation of the Act. Id. at 335. Returning to the facts presented here, the substantive and personal nature of the information Compass was obligated under BIPA to disclose to consumers such as Bryant makes this case more like Robertson than Casillas for purposes of her claim under section 15(b). As the Illinois Supreme Court recognized in Rosenbach, the informed-consent regime laid out in section 15(b) is the heart of BIPA. The text of the statute demonstrates that its purpose is to ensure that consumers understand, before providing their biometric data, how that information will be used, who will have access to it, and for how long it will be retained. The judgment of Illinois’s General Assembly is that the sensitivity of biometric information and the risk of identity theft or other privacy or economic harm that may result from its dissemination, necessitates that people be given the opportunity to make informed choices about to whom and for what purpose they will relinquish control of 16 No. 20-1443 that information. Compass’s failure to abide by the requirements of section 15(b) before it collected Smart Market users’ fingerprints denied Bryant and others like her the opportunity to consider whether the terms of that collection and usage were acceptable given the attendant risks. This was not a failure to satisfy a purely procedural requirement. Rather, as in Robertson, Compass withheld substantive information to which Bryant was entitled and thereby deprived her of the ability to give the informed consent section 15(b) mandates. Equipped with the missing information, she may have chosen not to use the vending machines and instead brought her own lunch or snacks. Or she may have opted for the convenience of the machines. She did not realize that there was a choice to be made and what the costs and benefits were for each option. This deprivation is a concrete injury-in-fact that is particularized to Bryant. She thus meets the requirements for Article III standing on her section 15(b) claim. D Bryant’s claim under section 15(a) is a separate matter. Section 15(a) obligates private entities that collect biometric information to make publicly available a data retention schedule and guidelines for permanently destroying collected biometric identifiers and information. In contrast to the obligations set forth under section 15(b), the duty to disclose under section 15(a) is owed to the public generally, not to particular persons whose biometric information the entity collects. This provision is not part of the informed-consent regime, and Bryant alleges no particularized harm that resulted from Compass’s violation of section 15(a). No. 20-1443 17 We conclude that Bryant did not su er a concrete and particularized injury as a result of Compass’s violation of section 15(a). She therefore lacks standing under Article III to pursue that claim in federal court. As we noted earlier, we have no authority and no occasion to address her state-court standing to bring this claim. III Recognizing the privacy and economic risks involved in the wide use of biometric information, the Illinois General Assembly mandated in section 15(b) of BIPA that private entities make certain disclosures and receive informed consent from consumers before obtaining such information. As alleged, Compass did not make the requisite disclosures to Bryant or obtain her informed written consent before collecting her fingerprints. By failing to do so, Compass inflicted the concrete injury BIPA intended to protect against, i.e. a consumer’s loss of the power and ability to make informed decisions about the collection, storage, and use of her biometric information. This injury satisfies the requirements for Article III standing, and so Bryant’s claim under section 15(b) may proceed in federal court. We therefore REVERSE the judgment of the district court remanding the action to the Circuit Court of Cook County, and REMAND this case to the district court for further proceedings consistent with this opinion.
Some case metadata and case summaries were written with the help of AI, which can produce inaccuracies. You should read the full case before relying on it for legal research purposes.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
