CHICAGO— Four consumers allege that 7-Eleven Inc. violated the Illinois Biometric Information Privacy Act (BIPA) by illegally collecting, storeing and U.Sing the buyers‘ facial scans, and possibly other biometric identifiers, without first obtaining written consent to do so or providing legal information.
According to a proposed 23-page class action filing, many 7-Eleven locations in Chicago use surveillance systems provided by Clickit, a provider of smart video solutions. The filing asserts that although Clickit‘s technology is allegedly configured to work without using facial recognition software or algorithms, it nevertheless violates Illinois’ BIPA because it scans faces and recognizes facial features, reported ClassAction.org.
The lawsuit, filed April 25 by plaintiffs Ryan Hess, Carolyn Johnson, Thomas McKee and Barbara Moss, states that Clickit, in an effort to alleviate privacy concerns, notes that facial scans and biometric data it collection can be deleted daily. This “suggested strategy,“ the lawsuit argues, ignores the fact that collecting biometric data, no matter how long it is retained or anonymized, still violates BIPA.
“This is underscored by the fact that 7-Eleven’s storefronts, interiors and exteriors are not equipped with visible signs to inform customers that their biometric data will be captured or collected when they enter 7-Eleven stores,“ the plaintiffs wrote in the lawsuit.
Additionally, 7-Eleven also has its own proprietary surveillance technology with facial recognition capabilities, according to the lawsuit.
Under BIPA, a private Illinois entity that processes consumer biometric data, which may include a retina or iris scan, fingerprint, voiceprint, or scan of a person‘s hand or face geometry, must notify a person in writing that their biometric information is being collected.
A private entity is also required to inform the individual of the specific purpose and duration for which a biometric identifier will be collected, stored and used, and to receive written permission from the individual authorizing the collection of their data. Finally, a private entity must publish a publicly available retention schedule and guidelines for permanently destroying consumers‘ biometric identifiers, depending on the file.
“7-Eleven does not inform customers of this fact before entering the store, nor does it obtain their consent before capturing and retrieving its customers.‘ biometric data,“ the alleged complaint. “Further, 7-Eleven does not provide a publicly available policy establishing a retention schedule and guidelines for the permanent destruction of such biometric data.“
According to the complaint, 7-Eleven was investigated in 2021 for similar alleged conduct by the Australian Information Commissioner and Privacy Commissioner, who concluded that the retailer had “interfered with customers‘ privacy by collecting their facial impressions without their information or consent.” Additionally, the company has acknowledged that it has been using facial recognition technology in its stores in Thailand since 2018, the case says.
Hess, Johnson, McKee and Moss are demanding a jury trial and seeking an injunction as well as statutory damages for themselves and all members of the class, according to Main Class Actions. They want to represent a class of Illinois consumers whose biometric data has been collected, captured, received or otherwise obtained and/or stored by 7-Eleven.
Texas-based Irving 7 eleven operates, franchises and/or licenses over 13,000 stores in the United States and Canada. In addition to 7–Eleven stores, 7–Eleven Inc. operates and franchises Speedway, Stripes, Laredo Taco Co. and Raise the Roost Chicken & Biscuits locations.