Fox v. Dakkota Integrated Systems, LLC, No. 20-2782 (7th Cir. 2020)Annotate this Case
The Illinois Biometric Information Privacy Act regulates the collection, use, retention, disclosure, and dissemination of biometric identifiers (fingerprints, retina and iris scans, hand scans, and facial geometry). Fox's employer, Dakkota, required employees to clock in and out by scanning their hands on a biometric timekeeping device. Dakkota used third-party software to capture that data, which was stored in a third-party's database. Fox alleges that Dakkota did not obtain her informed written consent before collecting her biometric identifiers, unlawfully disclosed or disseminated her biometric data to third parties without her consent, failed to develop, publicly disclose, and implement a data-retention schedule and guidelines for the permanent destruction of its employees’ biometric identifiers, and failed to permanently destroy her biometric data when she left the company. Fox was represented by a union at Dakkota, The judge dismissed two counts as preempted by the Labor Management Relations Act, but remanded the section 15(a) claim to state court.
The Seventh Circuit reversed the remand order. Fox’s section 15(a) claim does not allege a mere procedural failure to publicly disclose a data-retention policy but alleges a concrete and particularized invasion of her privacy interest in her biometric data stemming from Dakkota’s violation of its section 15(a) duties to develop, publicly disclose, and comply with data retention and destruction policies. Her allegations plead an injury in fact for purposes of Article III. The invasion of a legally protected privacy right, though intangible, is personal and real, not general and abstract.