Steak ‘n Shake Faces BIPA Lawsuit Over Self-serve Kiosks

Steak ‘n Shake is being sued in an Illinois federal court for allegedly violating the state’s Biometric Information Privacy Act (BIPA). Plaintiff Michael Massel claims the casual dining chain collected and stored customers’ face biometrics data through its self-service kiosks without obtaining proper consent.

Introduced in 2024, the kiosks use facial recognition technology to streamline customer orders and track loyalty rewards. Massel alleges that Steak ‘n Shake failed to provide adequate notice or written consent as required under BIPA, raising concerns about data security and privacy.

The filing against Steak ‘n Shake emphasizes that biometric data, such as facial geometry, poses significant risks if compromised, as it is permanent and cannot be replaced. Massel’s suit seeks damages of up to $5,000 per violation and certification of a class action for any customers in Illinois who had their biometric information collected by Steak ‘n Shake in the past five years.

Illinois Governor JB Pritzker recently signed an amendment to BIPA that significantly alters its enforcement. The amendment stipulates that multiple collections of the same biometric identifier from the same person using the same method without proper notice and consent will now count as a single violation, rather than separate violations for each instance.

This change reduces potential liability for businesses and addresses concerns raised by the Illinois Supreme Court’s decision in Cothron v. White Castle Systems, Inc., which previously allowed for claims to accrue with each biometric scan. The amendment also legitimizes electronic consent, including online clickwrap agreements, providing further clarity for compliance. The legislative change is expected to decrease the number of class action lawsuits filed under BIPA.

Source: Top Class Actions

–

September 5, 2024 – by Tony Bitzionis