Retail Corporation Walmart Facing New Lawsuit in Illinois
October 04, 2022 | 4 minutes read
While social media companies such as Twitter, Meta, and TikTok continue to run amok of data privacy legislation worldwide, the Illinois State Legislature continues to enforce their landmark Biometric Information Privacy Act (BIPA) in a manner that is all but unheard of throughout the rest of the U.S. To this point, major news organizations around the country reported last week that multinational retail corporation Walmart was the latest major business to be accused of violating the Illinois BIPA law. For reference, the provisions of the BIPA prohibit businesses from collecting, storing, disclosing, or selling the biometric information of Illinois citizens, among other relevant stipulations.
With all this being said, court documents that were filed by an Illinois resident named James Luthe on September 1, 2022, allege that “Walmart stores in Illinois are outfitted with cameras and advanced video surveillance systems that — unbeknownst to customers — surreptitiously collect, possess, or otherwise obtain Biometric Data,” the complaint reads. “Walmart does not notify customers of this fact prior to store entry, nor does it obtain consent prior to collecting its customers Biometric Data.” What’s more, the lawsuit also claims that Walmart failed to notify customers about the company’s use of “Clearview artificial intelligence facial recognition software that scans and stores facial features.”
Data privacy violations in the U.S.
In what has become a recurring theme for many large-scale businesses that serve U.S. consumers in recent months, the overwhelming lack of privacy legislation that currently exists within the country has effectively given businesses such as Walmart the ability to collect, store, and sell the personal information of their customers without penalty or consequence. For context, Google, Youtube, Snapchat, and several fast food restaurants including Chipotle, Applebees, and Red Lobster, among others, have been hit with lawsuits for violating the Illinois BIPA law this year alone.
Likewise, while the specific nature of the lawsuits that have been imposed against these respective businesses are undoubtedly varied, all of these lawsuits highlight the discrepancies between collecting the personal information of citizens that are protected by privacy legislation and the millions of other citizens across the U.S. that are not afforded the same level of data protection. To this end, while collecting the biometric data and Illinois resident without their consent could result in a business being hit with a million-dollar fine, these same data collection practices are perfectly legal in virtually every other U.S. state.
GDPR enforcement in recent years
To this last point, the level to which the Illinois State Legislature has enforced the BIPA has drawn comparisons to the EU’s landmark General Data Protection Regulation (GDPR), as many of the same businesses that have been fined millions of dollars for violating the BIPA have also faced similar penalties for breaking the law within European nations as well. In both cases, the actions that have landed businesses monetary penalties for violating the law are legal in most other countries around the world, displaying the value that privacy laws can provide to consumers as it concerns the protection of their personal data and in turn, their privacy.
Clearview artificial intelligence
In addition to claims that Walmart violated the biometric data privacy rights of James Luthe, his lawsuit also cited the company’s use of facial recognition software. Subsequently, while the first point of contention has yet to be conclusively proven, Walmart has publicly acknowledged its use of facial recognition technology throughout its various retail locations. Nevertheless, Clearview AI, a company that has provided Walmart with facial recognition cameras, in addition to various other private businesses, has also been accused of violating the personal privacy rights of American citizens in the past, as the company has already been found guilty of violating the BIPA outside of their business relationship with Walmart.
In spite of the fact that data privacy legislation within the U.S. is still very limited when compared to many other countries, the way in which the Illinois BIPA law has been enforced in recent years has effectively provided U.S. states with a data protection blueprint that can be followed in the near future. Furthermore, the manner in which the BIPA has been enforced is in direct contrast to the public perception of many huge business corporations such as Walmart, as these businesses are often able to avoid taking accountability for actions that prove detrimental to everyday consumers. For these reasons, the Illinois BIPA will surely continue to influence the enactment of new privacy laws globally in the years to come.