Retail Corporation Walmart Facing New Lawsuit in Illinois

October 04, 2022 | 4 minutes read
Retail Corporation Walmart Facing New Lawsuit in Illinois

While social media companies such as Twitter, Meta, and TikTok continue to run amok of data privacy legislation worldwide, the Illinois State Legislature continues to enforce their landmark Biometric Information Privacy Act (BIPA) in a manner that is all but unheard of throughout the rest of the U.S. To this point, major news organizations around the country reported last week that multinational retail corporation Walmart was the latest major business to be accused of violating the Illinois BIPA law. For reference, the provisions of the BIPA prohibit businesses from collecting, storing, disclosing, or selling the biometric information of Illinois citizens, among other relevant stipulations.

With all this being said, court documents that were filed by an Illinois resident named James Luthe on September 1, 2022, allege that “Walmart stores in Illinois are outfitted with cameras and advanced video surveillance systems that — unbeknownst to customers — surreptitiously collect, possess, or otherwise obtain Biometric Data,” the complaint reads. “Walmart does not notify customers of this fact prior to store entry, nor does it obtain consent prior to collecting its customers Biometric Data.” What’s more, the lawsuit also claims that Walmart failed to notify customers about the company’s use of “Clearview artificial intelligence facial recognition software that scans and stores facial features.”

Data privacy violations in the U.S.

In what has become a recurring theme for many large-scale businesses that serve U.S. consumers in recent months, the overwhelming lack of privacy legislation that currently exists within the country has effectively given businesses such as Walmart the ability to collect, store, and sell the personal information of their customers without penalty or consequence. For context, Google, Youtube, Snapchat, and several fast food restaurants including Chipotle, Applebees, and Red Lobster, among others, have been hit with lawsuits for violating the Illinois BIPA law this year alone.

Likewise, while the specific nature of the lawsuits that have been imposed against these respective businesses are undoubtedly varied, all of these lawsuits highlight the discrepancies between collecting the personal information of citizens that are protected by privacy legislation and the millions of other citizens across the U.S. that are not afforded the same level of data protection. To this end, while collecting the biometric data and Illinois resident without their consent could result in a business being hit with a million-dollar fine, these same data collection practices are perfectly legal in virtually every other U.S. state.

GDPR enforcement in recent years

To this last point, the level to which the Illinois State Legislature has enforced the BIPA has drawn comparisons to the EU’s landmark General Data Protection Regulation (GDPR), as many of the same businesses that have been fined millions of dollars for violating the BIPA have also faced similar penalties for breaking the law within European nations as well. In both cases, the actions that have landed businesses monetary penalties for violating the law are legal in most other countries around the world, displaying the value that privacy laws can provide to consumers as it concerns the protection of their personal data and in turn, their privacy.

Clearview artificial intelligence

In addition to claims that Walmart violated the biometric data privacy rights of James Luthe, his lawsuit also cited the company’s use of facial recognition software. Subsequently, while the first point of contention has yet to be conclusively proven, Walmart has publicly acknowledged its use of facial recognition technology throughout its various retail locations. Nevertheless, Clearview AI, a company that has provided Walmart with facial recognition cameras, in addition to various other private businesses, has also been accused of violating the personal privacy rights of American citizens in the past, as the company has already been found guilty of violating the BIPA outside of their business relationship with Walmart.

In spite of the fact that data privacy legislation within the U.S. is still very limited when compared to many other countries, the way in which the Illinois BIPA law has been enforced in recent years has effectively provided U.S. states with a data protection blueprint that can be followed in the near future. Furthermore, the manner in which the BIPA has been enforced is in direct contrast to the public perception of many huge business corporations such as Walmart, as these businesses are often able to avoid taking accountability for actions that prove detrimental to everyday consumers. For these reasons, the Illinois BIPA will surely continue to influence the enactment of new privacy laws globally in the years to come.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »