Good News for Companies: Seventh Circuit Holds Removal of Plaintiffs’ Biometrics Privacy Claims to Federal Court OK

In a widely watched case, the Seventh Circuit decided last week that companies that collect individuals’ biometric data may be able to defend their cases in federal court when plaintiffs allege a procedural violation of Illinois’ Biometric Information Privacy Act (BIPA).

In Bryant v. Compass Group USA, Inc., the Seventh Circuit held that certain procedural violations of Illinois’ BIPA constituted actual injuries and therefore satisfied the requirements for federal court standing. Relying on Spokeo, the seminal U.S. Supreme Court case addressing what constitutes an actual injury for standing purposes, the court held that the plaintiff’s allegations, if proven, would demonstrate that she suffered an actual injury based on the fact that Compass did not obtain her consent before obtaining her private information. Therefore, the case could remain in federal court.

The decision now gives defendants that want to defend BIPA claims in federal court a roadmap for their arguments, including access to a larger jury pool, the Federal Rules of Procedure, and other federal court-related advantages. It is also notable because BIPA defendants have attempted to remove BIPA cases to federal court and then file motions to dismiss them for lack of standing. However, the federal courts have typically remanded these cases, forcing defendants back into state court and sometimes even requiring them to pay just costs and any actual expenses, including attorney fees, incurred as a result of the removal.[1]

What Happened in Bryant v. Compass Group USA

In Compass Group USA, a customer sued a vending machine manufacturer after she scanned her fingerprint into a vending machine to set up an account during her employer’s orientation. She then used her fingerprint to buy items from the vending machine.

The plaintiff filed a putative class action lawsuit on behalf of herself and all other persons similarly situated in state court alleging that Compass violated her statutory rights under BIPA by 1) obtaining her fingerprint without her written consent and 2) not establishing a publicly available data retention schedule or destruction guidelines for possession of biometric data as required by the statute.

Shortly after the plaintiff filed suit in Cook County Circuit Court, Compass filed a notice to remove the case to the Northern District of Illinois. Opposing the motion, the plaintiff argued that she did not have federal standing for her BIPA claims because she had not alleged an injury-in-fact as required by Article III.

Compass argued that the plaintiff had alleged an injury-in-fact under Article III, pointing to the recent Illinois Supreme Court case, Rosenbach v. Six Flags Ent. Corp., which held that plaintiffs can bring BIPA claims based on procedural violations, even if they have suffered no actual injury. Rosenbach held that, if a company, for example, fails to comply with BIPA’s requirement of establishing destruction guidelines for possession of biometric data, that violation alone – without any actual pecuniary or other injury – creates an actual injury.

The district court sided with the plaintiff and concluded that Rosenbach merely established “the policy of the Illinois courts” to allow plaintiffs to bring BIPA claims without alleging an actual injury. Rosenbach did not interpret procedural BIPA violations to be actual injuries.

Because the plaintiff’s claims did not establish Article III standing, the district court granted the plaintiff’s motion to remand the case back to state court.

The Seventh Circuit reversed, relying on Spokeo. It interpreted Spokeo as holding that injuries may still be particularized and concrete – i.e., actual – even if they are intangible or hard to prove. The court also cited Justice Thomas’ concurrence in Spokeo that distinguished between private rights (which courts have historically presumed to cause actual injuries) and public rights (which require a further showing of injury).

The court held that the plaintiff had alleged that she suffered an actual injury when Compass collected her biometric data without obtaining her informed consent because this was a private right. The court also relied on Fed. Election Comm’n v. Atkins, 525 U.S. 11 (1998).  In Atkins, the Supreme Court held that nondisclosure can be an actual injury if plaintiffs can show an impairment of their ability to use information in a way intended by the statute. The court in Compass similarly held that the defendant had denied the plaintiff the opportunity — and statutory right — to consider whether the terms of the defendant’s data collection and usage were acceptable. As a result, the court held that the plaintiff alleged an actual injury.

By contrast, the court determined that the plaintiff’s other claim – that the defendant violated BIPA by failing to make publicly available a data retention schedule and destruction guidelines for possession of biometric data – implicated a public right and did not cause the plaintiff an actual injury.


[1] See, e.g. Mocek v. Allsaints USA Ltd., 220 F. Supp. 3d 910, 914 (N.D. Ill. 2016) (“Defendant’s professed strategy of removing the case on the basis of federal jurisdiction, only to turn around and seek dismissal with prejudice—a remedy not supported by any of defendant’s cases—on the ground that federal jurisdiction was lacking, unnecessarily prolonged the proceedings. . . . For the foregoing reasons, I grant plaintiff’s motion for remand and attorneys’ fees and deny as moot defendant’s motion to dismiss. Because defendant has not objected to the specific fee amount plaintiff claims, which she supports with evidence in the form of affidavits and billing records, I find that plaintiff is entitled to payment in the amount of $58,112.50 pursuant to § 1447(c).”)

© 2020 Schiff Hardin LLP
For more on BIPA, see the National Law Review Communications, Internet, and Media Law section.

Smoking Cannabis Legally in Illinois: What’s an Employer to Do?

On January 1, 2020, Illinois joined the growing number of states that allow the sale and use of marijuana for personal and recreational use. The law has been so popular that most of the cannabis dispensaries in Illinois sold out of their supply within the first week.

So, what now for employers in Illinois? May they tell workers who get stoned on a break that they must leave the workplace? Can they still maintain a drug-free workplace? Can they still do drug testing? The answer to all three questions is yes; however, as explained below, there are important steps that an employer must take should it decide to discipline an employee. While there will be much to work out as Illinois navigates its new cannabis laws, employers may maintain the same standards at work that they had before the law became effective. But they need to know and follow the new law’s requirements.

Parameters of the New Law

On January 1, 2020, the Cannabis Regulation Tax Act (CRTA), 410 Ill. Comp. Stat. Ann. 705/10 et seq., became law, permitting personal and recreational cannabis use for all individuals 21 years of age or older. Under the CRTA, Illinois residents may possess 30 grams of cannabis flower, 500 milligrams of a THC-infused cannabis product and 5 grams of cannabis concentrate for personal use.

The CRTA will not be interpreted to diminish workplace (includes buildings, real property and parking lots under control of the employer and used by the employee to perform job duties) safety. The act identifies and allows employers to adopt certain cannabis policies relating to use, consumption, storage and impairment to further protect employee safety, such as:

  • Employers are allowed to adopt a reasonable zero-tolerance policy for its employees or require a drug-free workplace.
  • Employers are permitted to adopt employment policies relating to drug testing, smoking, consuming, storing and using cannabis while an employee is at the workplace, performing job duties or on call.
  • Employers may prohibit an employee from using cannabis or from being under the influence of cannabis while at the workplace, performing job duties or on call.
  • Employers may undertake disciplinary measures or terminate an employee’s employment for violating a reasonable workplace drug policy.

A Fine Line

One of the trickier aspects for Illinois employers will be making a determination of when an employee is impaired or under the influence of cannabis. The law provides that an employer can express a “good faith belief” that the employee manifests certain articulable symptoms that decrease or diminish the employee’s job performance and responsibilities. The CTRA identifies a number of symptoms an employer may consider in finding an employee is impaired or under the influence, such as “symptoms of the employee’s speech, physical dexterity, agility, coordination, demeanor, irrational or unusual behavior, or negligence or carelessness in operating equipment or machinery; disregard for the safety of employee or others, involvement in any accident that results in serious damage to equipment or other property; disruption of a production of manufacturing process; or carelessness that results in any injury to the employee or others.”

When an employer takes any action against an employee for being under the influence of cannabis, the CTRA requires that an employee be provided a reasonable opportunity to challenge the basis of an employer’s determination. Employers should notify an employee in writing of its determination and invite the employee to state their case as to why the employer’s determination may be incorrect before it takes an adverse action against the employee. All activity in the appeal process should be documented.

Employers’ Rights and Liability

Some good news for employers is that the CTRA does not create or imply a cause of action against an employer for the actions taken relating to an employer’s reasonable workplace drug policy. IL LEGIS 101-593 (2019), 2019 Ill. Legis. Serv. P.A. 101-593 (S.B. 1557) (WEST). Actions taken relating to an employer’s reasonable drug policy include subjecting an employee or applicant to a drug and/or alcohol test, nondiscriminatory random drug testing, disciplining employees, termination of employment or withdrawing an offer for employment because of a failed drug test. The amendments to the CTRA now expressly limit an employer’s liability for disciplining or terminating employment resulting from a failed drug test. Further, the amendments to the CTRA clarify and reinforce an employer’s ability to administer pre-employment and random drug testing policies.

Employers must be careful, however, to not take action against an employee when the use of cannabis is after work hours. The Right to Privacy in the Workplace Act was amended, effective January 1, 2020, 820 Ill. Comp. Stat. Ann. 55/5, to specifically prohibit employers from terminating employment because of an employee’s personal or recreational use of lawful products (including cannabis) outside of the workplace during nonworking, off-call hours. In the event an employee is disciplined or employment is terminated because of cannabis use outside of the workplace during off-duty hours, an employee may bring a discrimination cause of action under the Right to Privacy in the Workplace.

It is anticipated that there will be tension between individuals contesting an employer’s determination that he/she was impaired or under the influence of cannabis at the workplace with the contention that any use was during off-duty hours. For instance, what if an employee used cannabis four hours before starting a shift? The employee may claim protection under the Right to Privacy in the Workplace, whereas the employer may argue the employee was nonetheless under the influence in the workplace. This tension is exacerbated by the fact that there is currently no test to determine how recently an individual has used, consumed or smoked cannabis. Further, there is no test that determines how high or low cannabis levels are in an individual.

Illinois employers will need to understand and follow the CTRA laws and Right to Privacy in the Workplace laws. Employers should prepare specific written policies to address these new issues.


© 2020 Wilson Elser

ARTICLE BY David M. Holmes of Wilson Elser Moskowitz Edelman & Dicker LLP, with assistance from Gabriela C Herrera (Law Clerk-Chicago).
For more on the intersection of recreational cannabis & employment law, see the National Law Review Labor & Employment law section.

Facing Facts: Do We Sacrifice Security Out of Fear?

Long before the dawn of time, humans displayed physical characteristics as identification tools. Animals do the same to distinguish each other. Crows use facial recognition on humans.  Even plants can tell their siblings from unrelated plants of the same species.

We present our physical forms to the world, and different traits identify us to anyone who is paying attention. So why, now that identity theft is rampant and security is challenged, do we place limits on the easiest and best ID system available? Are we sacrificing future security due to fear of an unlikely dystopia?

In one of the latest cases rolling out of Illinois’ private right of action under the state’s Biometric Information Privacy Act (BIPA), Rogers v. BNSF Railway Company[1], the court ruled that a railroad hauling hazardous chemicals through major urban areas needed to change, and probably diminish, its security procedures for who it allows into restricted space. Why? Because the railroad used biometric security to identify authorized entrants, BIPA forces the railroad to receive the consent of each person authorized to enter restricted space, and because BIPA is not preempted by federal rail security regulations.

The court’s decision, based on the fact that federal rail security rules do not specifically regulate biometrics, is a reasonable reading of the law. However, with BIPA not providing exceptions for biometric security, BIPA will impede the adoption and effectiveness of biometric-based security systems, and force some businesses to settle for weaker security. This case illustrates how BIPA reduces security in our most vulnerable and dangerous places.

I can understand some of the reasons Illinois, Texas, Washington and others want to restrict the unchecked use of biometrics. Gathering physical traits – even public traits like faces and voices – into large searchable databases can lead to overreaching by businesses. The company holding the biometric database may run tests and make decisions based on physical properties.  If your voice shows signs of strain, maybe the price of your insurance should rise to cover risk that stress puts on your body. But this kind of concern can be addressed by regulating what can be done with biometric readings.

There are also some concerns that may not have the foundation they once had. Two decades ago, many biometric systems stored bio data as direct copies, so that if someone stole the file, that person would have your fingerprint, voiceprint or iris scan.  Now, nearly all of the better biometric systems store bio readings as algorithms that can’t be read by computers outside the system that took the sample. So some of the safety concerns are no longer valid.

I propose a more nuanced thinking about biometric readings. While requiring data subject consent is harmless in many situations, the consent regime is a problem for security systems that use biometric indications of identity. And these systems are generally the best for securing important spaces.  Despite what you see in the movies, 2019 biometric security systems can be nearly impossible to trick into false positive results. If we want to improve our security for critical infrastructure, we should be encouraging biometrics, not throwing hurdles in the path of people choosing to use it.

Illinois should, at the very least, provide an exception to BIPA for physical security systems, even if that exception is limited to critical facilities like nuclear, rail and hazardous shipping restricted spaces. The state can include limits on how the biometric samples are used by the companies taking them, so that only security needs are served.

The field of biometrics may scare some people, but it is a natural outgrowth of how humans have always told each other apart.  If limit its use for critical security, we are likely to suffer from the decision.

[1] 2019 WL 5699910 (N.D. Ill).


Copyright © 2019 Womble Bond Dickinson (US) LLP All Rights Reserved.

For more on biometric identifier privacy, see the National Law Review Communications, Media & Internet law page.

Chicago Workers to Earn $15 Minimum Wage by 2021

On Nov. 26, the Chicago City Council approved Mayor Lori Lightfoot’s proposal to increase the city’s minimum wage from $13 per hour to $15 per hour. This puts the Chicago minimum wage four years ahead of those mandated by the state of Illinois, which will not hit a minimum wage of $15 per hour until 2025. Our previous coverage of the Illinois minimum wage hike cited a 2017 report by the National Employment Law Project finding that 41 percent of all workers in Illinois currently earn less than $15 per hour.

Chicago’s minimum wage will increase in waves, first to $14 per hour on July 1, 2020 and then to $15 per hour on July 1, 2021. After that, it will rise annually with the consumer price index. For tipped workers, sub-minimum wages will increase to $8.40 per hour in 2020, up from the current $6.40 per hour, and to $9 per hour by 2021. Tipped wages will also increase annually after 2021, to remain at 60 percent of the minimum wage.

Mayor Lightfoot stated that these wage increases would address wage stagnation, affecting hundreds of thousands of workers, as the cost of living in Chicago continues to increase. It would likewise eliminate exemptions for disabled workers and minors. Specifically, employers will no longer be able to pay disabled residents below the minimum wage, starting in 2024. Workers below the age of 18 will receive a gradual increase in wages, starting at $10 an hour in 2020 and ultimately reaching $15 an hour by 2024, until the minimum wage exemption for minors is eliminated in 2025.

There is some relief for small employers, as employers with fewer than 20 workers will have until 2023 to increase wages to $15 per hour, and businesses with fewer than four employees are exempt from all increases, with a few exceptions.

Mayor Lightfoot cited support for her proposal from elected officials as well as labor and business leaders, but some employers are concerned that the higher wages will harm their businesses or force them to hire fewer workers. However, Mayor Lightfoot views her proposal as a compromise, as it keeps tipped workers below the minimum wage – a move the restaurant industry applauded. While employers are legally required to pay the difference if an employee’s tips do not add up to the minimum wage, workers’ advocates allege that this does not always happen in practice.

The minimum wage increases in Chicago and Illinois will have far-reaching consequences for employers and employees alike. Employers will need to adjust their budgets and financial projections to prepare for these anticipated wage increases. Employers should also consider reviewing their payroll practices, both to verify they will be paying the appropriate wage and overtime rates for employees affected by the minimum wage increases and to ensure their tipping practices comply with the new law.


© 2019 BARNES & THORNBURG LLP

More on minimum wage increases across the US, via the National Law Review Labor & Employment law page.

Job Applicant Pay History Inquiries Now Off-Limits in Illinois

As of September 29, 2019, Illinois employers may not ask job applicants or their prior employers about salary history. The change comes after Illinois Governor J.B. Pritzker signed an amendment to the Illinois Equal Pay Act of 2003.

The New Requirements

The Illinois Equal Pay Act of 2003 made it illegal to pay employees differently on the basis of sex or the employee’s status as an African American, subject to exceptions. The impetus behind the law is to address historic pay disparities for the same or substantially similar work. The amendment now takes the law a step further to address the practice of using pay histories of applicants to set wages (including benefits and other compensation). Specifically, the amendment makes the following additions to the Illinois Equal Pay Act of 2003:

  • Employers, including employment agencies, may not screen out applicants on the basis of their current or prior wage history by setting a maximum or minimum wage level that applicants must satisfy.
  • Employers may not request or require disclosure of an applicant’s wage history as a condition of employment.
  • More specifically, employers may not request or require disclosure of an applicant’s wage history as a condition of being considered for employment, being interviewed, continuing to be considered for employment, or receiving a job offer.
  • Employers may not seek the wage history of an applicant from any current or prior employer.

If an applicant voluntarily discloses his or her pay history this does not create a violation. However, the employer cannot then use the voluntarily disclosed pay history in consideration of employment, an offer of compensation, or setting future wages, benefits, and other compensation.

What Are Employers Permitted to Do?

While employers cannot look into the wage histories of applicants, they are still permitted to share salary and benefit information about the position the applicant seeks. Employers can also discuss salary expectations with applicants without running afoul of the law.

Employers with Illinois employees should review their recruitment and compensation practices, including paper applications and online forms, to remove any references and requests regarding an applicant’s pay history. Further, human resources employees should be trained on appropriate recruitment procedures for Illinois employees.


©2019 von Briesen & Roper, s.c

For more state salary history bans, see the National Law Review Labor & Employment law page.

Vimeo Hit with Class Action for Alleged Violations of Biometric Law

Vimeo, Inc. was sued last week in a class action case alleging that it violated the Illinois Biometric Information Privacy Act by “collecting, storing and using Plaintiff’s and other similarly situated individuals’ biometric identifiers and biometric information…without informed written consent.”

According to the Complaint, Vimeo “has created, collected and stored, in conjunction with its cloud-based Magisto service, thousands of “face templates” (or “face prints”)—highly detailed geometric maps of the face—from thousands of Magisto users.” The suit alleges that Vimeo creates these templates using facial recognition technology and “[E]ach face template that Vimeo extracts is unique to a particular individual, in the same way that a fingerprint or voiceprint uniquely identifies one and only one person.” The plaintiffs are trying to liken an image captured by facial recognition technology to a fingerprint by calling it a “faceprint.” Very creative in the wake of mixed reactions to the use of facial recognition technology in the Facebook and Shutterfly cases.

The suit alleges “users of Magisto upload millions of videos and/or photos per day, making videos and photographs a vital part of the Magisto experience….Users can download and connect any mobile device to Magistoto upload and access videos and photos to produce and edit their own videos….Unbeknownst to the average consumer, and in direct violation of…BIPA, Plaintiff…believes that Magisto’s facial recognition technology scans each and every video and photo uploaded to Magisto for faces, extracts geometric data relating to the unique points and contours (i.e., biometric identifiers) of each face, and then uses that data to create and store a template of each face—all without ever informing anyone of this practice.”

The suit further alleges that when a user uploads a photo, the Magisto service creates a template for each face depicted in the photo, and compares that face with others in its face database to see if there is a match. According to the Complaint, the templates are also able to recognize gender, age and location and are able to collect biometric information from non-users. All of this is done without consent of the individuals, and in alleged violation of BIPA.

Although we previously have seen some facial recognition cases alleging violation of BIPA, and there are numerous cases alleging violation of BIPA for collection of fingerprints in the employment setting, this case is a little different from those, and it will be interesting to watch.



Copyright © 2019 Robinson & Cole LLP. All rights reserved.
For more on biometrics & privacy see the National Law Review Communications, Media & Internet law page.

Facebook “Tagged” in Certified Facial Scanning Class Action

Recently, the Ninth Circuit Court of Appeals held that an Illinois class of Facebook users can pursue a class action lawsuit arising out of Facebook’s use of facial scanning technology. A three-judge panel in Nimesh Patel, et al v. Facebook, Inc., Case No. 18-15982 issued an unanimous ruling that the mere collection of an individual’s biometric data was a sufficient actual or threatened injury under the Illinois Biometric Information Privacy Act (“BIPA”) to establish standing to sue in federal court. The Court affirmed the district court’s decision certifying a class. This creates a significant financial risk to Facebook, because the BIPA provides for statutory damages of $1,000-$5,000 for each time Facebook’s use of facial scanning technology was used in the State of Illinois.

This case is important for several reasons. First, the decision recognizes that the mere collection of biometric information may be actionable, because it creates harm to an individual’s privacy. Second, the decision highlights the possible extraterritorial application of state data privacy laws, even those that have been passed by state legislatures intending to protect only their own residents. Third, the decision lays the groundwork for a potential circuit split on what constitutes a “sufficiently concrete injury” to convey standing under the U.S. Supreme Court’s landmark 2016 decision in Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016). Fourth, due to the Illinois courts’ liberal construction and interpretation of the statute, class actions in this sphere are likely to continue to increase.

The Illinois class is challenging Facebook’s “Tag Suggestions” program, which scans for and identifies people in uploaded photographs for photo tagging. The class plaintiffs alleged that Facebook collected and stored biometric data without prior notice or consent, and without a data retention schedule that complies with BIPA. Passed in 2008, Illinois’ BIPA prohibits gathering the “scan of hand or face geometry” without users’ permission.

The district court previously denied Facebook’s numerous motions to dismiss the BIPA action on both procedural and substantive grounds and certified the class. In moving to decertify the class, Facebook argued that any BIPA violations were merely procedural and did not amount to “an injury of a concrete interest” as required by the U.S. Supreme Court’s landmark 2016 decision in Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016).

In its ruling, the Ninth Circuit determined that Facebook’s use of facial recognition technology without users’ consent “invades an individual’s private affairs and concrete interests.” According to the Court, such privacy concerns were a sufficient injury-in-fact to establish standing, because “Facebook’s alleged collection, use, and storage of plaintiffs’ face templates here is the very substantive harm targeted by BIPA.” The Court cited with approval Rosenbach v. Six Flags Entertainment Corp., — N.E.3d —, 2019 IL 123186 (Ill. 2019), a recent Illinois Supreme Court decision similarly finding that individuals can sue under BIPA even if they suffered no damage beyond mere violation of the statute. The Ninth Circuit also suggested that “[s]imilar conduct is actionable at common law.”

On the issue of class certification, the Ninth Circuit’s decision creates a precedent for extraterritorial application of the BIPA. Facebook unsuccessfully argued that (1) the BIPA did not apply because Facebook’s collection of biometric data occurred on servers located outside of Illinois, and (2) even if BIPA could apply, individual trials must be conducted to determine whether users uploaded photos in Illinois. The Ninth Circuit rejected both arguments. The Court determined that (1) the BIPA applied if users uploaded photos or had their faces scanned in Illinois, and (2) jurisdiction could be decided on a class-wide basis. Given the cross-border nature of data use, the Court’s reasoning could be influential in future cases where a company challenges the applicability of data breach or data privacy laws that have been passed by state legislatures intending to protect their own residents.

The Ninth Circuit’s decision also lays the groundwork for a potential circuit split. In two cases from December 2018 and January 2019, a federal judge in the Northern District of Illinois reached a different conclusion than the Ninth Circuit on the issue of BIPA standing. In both cases, the Northern District of Illinois ruled that retaining an individual’s private information is not a sufficiently concrete injury to satisfy Article III standing under Spokeo. One of these cases, which concerned Google’s free Google Photos service that collects and stores face-geometry scans of uploaded photos, is currently on appeal to the Seventh Circuit.

The Ninth Circuit’s decision paves the way for a class action trial against Facebook. The case was previously only weeks away from trial when the Ninth Circuit accepted Facebook’s Rule 23(f) appeal, so the litigation is expected to return to the district court’s trial calendar soon. If Facebook is found to have violated the Illinois statute, it could be held liable for substantial damages – as much as $1000 for every “negligent” violation and $5000 for every “reckless or intentional” violation of BIPA.

BIPA class action litigation has become increasingly popular since the Illinois Legislature enacted it: over 300 putative class actions asserting BIPA violations have been filed since 2015. Illinois’ BIPA has also opened the door to other recent state legislation regulating the collection and use of biometric information. Two other states, Texas and Washington, already have specific biometric identifier privacy laws in place, although enforcement of those laws is accomplished by the state Attorney General, not private individuals. A similar California law is set to go into effect in 2020. Legislation similar to Illinois’ BIPA is also currently pending in several other states.

The Facebook case will continue to be closely watched, both in terms of the standing ruling as well as the potential extended reach of the Illinois law.


© Polsinelli PC, Polsinelli LLP in California

For more in biometric data privacy, see the National Law Review Communications, Media & Internet law page.

Chicago and Cook County Amusement Tax

In previous posts, we have explored several local Illinois taxes, including the Chicago Personal Property Lease Transaction Tax and Cook County Parking Lot Tax. Also notable is the Chicago and Cook County Amusement Tax, which can apply more broadly than taxpayers often anticipate. Specifically the scope of the amusement tax has been expanded over the last few years to non-traditional amusements, including electronically transferred television shows, movies, videos, music, and games.

Imposition of The Amusement Tax

Although the Chicago and Cook County amusement tax are imposed similarly on taxpayers, they are independently administered taxes that feature key differences. Both the Chicago Amusement Tax Ordinance (“Chicago Ordinance”) and Cook County Amusement Tax Ordinance (“Cook County Ordinance”) impose the tax “upon the patrons of every amusement” within the city or county, but require the owner, manager, or operator of the amusement to collect the tax from each patron and remit the tax to the Chicago Department of Finance (“Chicago Department”) or the Cook County Department of Revenue (“Cook County Department”).[1] Further, both Ordinances define “amusement” as “any exhibition, performance, presentation or show for entertainment purposes”.[2]

Where the Chicago and Cook County Ordinances deviate, however, are the examples used to define “amusement”, the rates of tax, and applicable exemptions. For example, although the Ordinances provide similar examples of qualifying amusements, including a motion picture show, athletic contest, or any theatrical, musical or spectacular performance, the Chicago Ordinance also includes “paid television programming” viewed within or outside the home.[3] In contrast, the County Ordinance does not include such language. Additionally, whereas the Chicago Ordinance imposes the amusement tax at a rate of 9 percent of the admission fees or other charges paid for the privilege to enter, witness, view or participate in the amusement, the County Ordinance imposes the tax at a rate of 3 percent (unless a lower rate applies, as addressed below).[4]

Further, the Chicago and Cook County Ordinances often exempt different activities. For example, although both Ordinances exempt admission fees to witness in person “live theatrical, live musical or other live cultural performances that take place in any auditorium, theater or other space”[5] with a certain limited capacity (“Small Venue Exemption”), the Ordinances include a different capacity limitation. Under the Chicago Ordinance, the Small Venue Exemption renders the amusement tax inapplicable where the maximum capacity of the venue, including all balconies and all sections, is not more than 1,500 persons.[6] In contrast, under the Cook County Ordinance, the Small Venue Exemption only applies where the venue has a capacity of not more than 750 persons.[7] Further, if the venue has a capacity of more than 750 persons, but fewer than 5,000 persons, the Cook County amusement tax applies at a rate of 1 percent rather than the general rate of 3 percent.[8] This serves as a notable example of where the Ordinances may appear to be substantially similar but in fact feature key differences. Additionally, whereas the City clarified in a 2004 Amusement Tax Ruling that “primarily educational” activities are not taxable amusements, Cook County has not released similar guidance.[9] The result is that depending on the nature of the activity, amusement tax may apply in one but not both jurisdictions.

Identifying Taxable “Admission Fees”

A contested issue in applying the amusement tax in both Chicago and Cook County is the amount that compromises the taxable “admission fees or other charges paid for the privilege to enter, witness, view” such amusement.[10] For example, in 2014, the Illinois Court of Appeals held that under the Cook County Ordinance, for club seats and luxury suites to Chicago Bears home football games, “admission fees or other charges” include the amenities available to holders of club seat tickets and tangible personal property included in the luxury suite admission price, not just the value of the home seat games.[11] The Court determined that because a fan cannot witness a game from a club seat without paying the club privilege fee and annual licensing fee, it is not possible to separate the “other charges” from the fee paid to enter the stadium.[12] As a result, the Illinois Appellate Court determined the full price paid by club seat holders and luxury suite licensees is subject to the County’s amusement tax. This decision may lead to efforts by the Chicago Department and Cook County Department to expand a taxpayer’s taxable base beyond the mere value of a “seat”. For example, both the County and the City have been aggressive in their application of the amusement tax to service fees despite clear language in the Ordinances that exempts separately stated optional charges.[13]

Expanding the Scope to Electronically Transferred Amusements

The Chicago Department has recently become aggressive in its expansion of the scope of the Chicago Ordinance. In a 2015 Amusement Tax Ruling, the Chicago Department asserted that the amusement tax is imposed “not only [on] charges paid for the privilege to witness, view or participate in amusements in person but also charges paid for the privilege to witness, view or participate in amusements that are delivered electronically.”[14] As a result, the Chicago Department intended to clarify that the Chicago amusement tax applies to fees or charges for the following if delivered in the City: (1) watching electronically delivered television shows, movies or videos; (2) listening to electronically delivered music; and (3) participating in games, on-line or otherwise.[15] Although treated with resistance by taxpayers[16], the implication is that the City Department has the authority to impose the amusement tax on users of streaming services such as Netflix and Spotify, and online gaming, such as PlayStation. Following the Mobile Telecommunication’s Sourcing Conformity Act[17], the amusement tax applies to customers whose residential street address or primary business address is in Chicago, as reflected by their credit card billing address, zip code or other reliable information.[18]

Further, as explored briefly above, the Chicago Ordinance treats “paid television programming” as a taxable amusement.[19] “Paid television” means programming that can be viewed on a television or other screen, and is transmitted by cable, fiber optics, laser, microwave, radio, satellite or similar means to members of the public for consideration.[20] Additionally, an “owner” includes “any person operating a community antenna television system or wireless cable television system, or any other person receiving consideration from the patron for furnishing, transmitting, or otherwise providing access to paid television programming.”[21]

In 2014, the Chicago Department began auditing and assessing amusement tax on a number of restaurants and bars located through the City who subscribed to paid satellite television programming and who did not collect the amusement tax[22]. In a move to clarify the application of the tax, in November 2016, the Chicago Department released an Informational Bulletin that provided additional information to business subscribers of satellite television regarding their obligation to collect and remit the Chicago amusement tax. As a result, bars, restaurants and any other businesses that subscribe to satellite television are required to remit the Chicago amusement tax on charges paid for satellite television services used in Chicago.

Applicability to Ticket Resellers and Agents

An area of uncertainty within both the Chicago and Cook County amusement tax is the potential applicability to ticket resellers and agents. The issue dates back to 2006 when the Chicago Department amended the Chicago Ordinance to require not only a “reseller” but also a “reseller’s agent” to collect and remit amusement tax.[23]This amendment set the stage for the Chicago Department to attempt to collect the tax from StubHub as a reseller’s agent. StubHub is an internet auction listing service that operates a “platform” where it charges buyers and sellers a fee to buy and sell ticket to various events.

On appeal to the Illinois Supreme Court, the Court entered a significant decision for online auctioneers, holding that municipalities may not require electronic intermediaries to collect and remit amusement taxes on resold tickets.[24] The basis of the Court’s ruling is that although the Illinois Ticket Sale and Resale Act (the “Act”) [25]gives municipalities the authority to require sellers and resellers of tickets to collect the amusement tax, municipalities do not have the authority to require internet auction listing services, such as StubHub, to collect the tax.[26] Although both the Chicago and Cook County Ordinance still define an “operator” as a person who “sells or resells a ticket”, the Stubhub decision resulted in the removal of the term “reseller’s agent” and “auctioneer” from the Chicago Ordinance.[27]

Conclusion

Although the Chicago and Cook County amusement tax are similarly imposed, there are notable differences between the applicability of the Chicago and Cook County Ordinances. These differences are particularly noteworthy with respect to potential exemptions and electronically transferred amusements. Accordingly, taxpayers should not assume that because the amusement tax applies in one locality, it applies in both Chicago and Cook County.


[1] Municipal Code of Chicago (“M.C.C.”) § 4-156-020(A), 4-146-030(A); Cook County Ordinance (“C.C.O.”) § 74-392(a), 74-395(a).

[2] M.C.C. § 4-156-010; C.C.O. § 74-391.

[3] M.C.C. § 4-156-010.

[4] M.C.C. § 4-156-020; C.C.O. § 74-392.

[5] The Chicago and Cook County Ordinance define “live theatrical, live musical or other live cultural performance” identically as a “live performance in any of the disciplines which are commonly regarded as part of the fine arts, such as live theater, music, opera, drama, comedy, ballet, modern or traditional dance, and book or poetry readings. The term does not include such amusements as athletic events, races, or performances conducted as adult entertainment cabarets.” M.C.C. § 4-156-010; C.C.O. § 74-391. In this regard, the Chicago Department and Cook County Department appear to play the role of an art critic, defining which activities qualify as “fine arts”. See a prior post exploring the issue in the context of disc jockeys.

[6] M.C.C. § 4-156-020(D).

[7] C.C.O. § 74-392(d).

[8] C.C.O. § 74-392(f)(1).

[9] Chicago Amusement Tax Ruling #1, ¶ 2.

[10] M.C.C. § 4-156-020; C.C.O. § 74-392.

[11] Chi. Bears Football Club v. Cook County Dep’t of Revenue, 16 N.E.3d 827, 835 (2014).

[12] Id. at 834. In determining the full price paid by club seat ticket holders and luxury suite licensees is subject to the amusement tax, the Court affirmed the reasoning of the court in Stasko v. City of Chicago, 997 N.E.2d 975, 993 (2013)(holding that the Chicago Ordinance applied because purchasing the permanent seat license was a prerequisite to viewing the game).

[13] M.C.C. § 4-156-020(H); C.C.O. § 74-392(e)(3).

[14] Chicago Amusement Tax Ruling #5.

[15] Chicago Amusement Tax Ruling #5, ¶ 8.

[16] The Chicago amusement tax, as it applies to certain electronically delivered amusements, such as paid television, was challenged but held by the Cook County Circuit Court to be constitutional in Labell v. City of Chicago, Case No. 15 CH 13399 (Cook Cnty. Cir. Ct. May 24, 2018). In this application, the amusement tax is often derisively referred to as the “ Cloud Tax” or the “Netflix Tax“.

[17] 35 ILCS 638.

[18] Chicago Amusement Tax Ruling #5, ¶ 13.

[19] M.C.C. § 4-156-010.

[20] Id.

[21] Id.

[22] For additional background regarding the Department’s efforts to collect the Chicago amusement tax from satellite providers, see a prior post.

[23] Under the Chicago Ordinance, a reseller’s agent is a “person who, for consideration, resells a ticket on behalf of the ticket’s owner or assists the owner in reselling the ticket. The term includes but is not limited to an auctioneer, a broker or a seller of tickets for amusements, as those terms are used in 65 ILCS 5/11-42-1, and applies whether the ticket is resold by bidding, consignment or otherwise, and whether the ticket is resold in person, at a site on the Internet or otherwise.” M.C.C. § 4-156-010 (amended May 24, 2006).

[24] City of Chicago v. Stubhub, Inc., 979 N.E.2d 844, 845 (2011).

[25] 720 ILCS 375/0.01 et seq. (2010).

[26] Stubhub, Inc., 979 N.E.2d at 857.

[27] M.C.C. § 4-156-010; C.C.O. § 74-391.

 

© Horwood Marcus & Berk Chartered 2019. All Rights Reserved.

Six Flags Raises Red Flags: Illinois Supreme Court Weighs In On BIPA

On January 25, the Illinois Supreme Court held that a person can seek liquidated damages based on a technical violation of the Illinois Biometric Information Privacy Act (BIPA), even if that person has suffered no actual injury as a result of the violation. Rosenbach v. Six Flags Entertainment Corp. No. 123186 (Ill. Jan. 25, 2019) presents operational and legal issues for companies that collect fingerprints, facial scans, or other images that may be considered biometric information.

As we have previously addressed, BIPA requires Illinois businesses that collect biometric information from employees and consumers to, among other things, adopt written policies, notify individuals, and obtain written releases. A handful of other states impose similar requirements, but the Illinois BIPA is unique because it provides individuals whose data has been collected with a private right of action for violations of the statute.

Now, the Illinois Supreme Court has held that even technical violations may be actionable.  BIPA requires that businesses use a “reasonable standard of care” when storing, transmitting, or protecting biometric data, so as to protect the privacy of the person who provides the data. The rules are detailed. Among other things, BIPA requires businesses collecting or storing biometric data to do the following:

  • establish a written policy with a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information;
  • notify individuals in writing that the information is being collected or stored and the purpose and length of time for which the biometric identifier will be collected, stored, and used;
  • obtain a written release from the individual; and
  • not disclose biometric information to a third party without the individual’s consent.

The Illinois Supreme Court has now held that a plaintiff may be entitled to up to $5,000 in liquidated damages if a company violates any of these requirements, even without proof of actual damages.

In Rosenbach, the plaintiff’s son’s fingerprint was scanned so that he could use his fingerprint to enter the Six Flags theme park under his season pass. Neither the plaintiff nor her son signed a written release or were given written notice as required by BIPA. The plaintiff did not allege that she or her son suffered a specific injury but claimed that if she had known that Six Flags collected biometric data, she would not have purchased a pass for her son. The plaintiff brought a class action on behalf of all similarly situated theme park customers and sued for maximum damages ($5,000 per violation) under BIPA. The Illinois appellate court held that plaintiff could not maintain a BIPA action because technical violations did not render a party “aggrieved,” a key element of a BIPA claim.

In a unanimous decision, the Illinois Supreme Court disagreed. The court held that “an individual need not allege some actual injury or adverse effect, beyond violation of his or her rights under the Act, in order to qualify as an ‘aggrieved’ person and be entitled to seek liquidated damages and injunctive relief pursuant to the Act.” Even more pointedly, the court held that when a private entity fails to comply with BIPA’s requirements regarding the collection, retention, disclosure, and destruction of a person’s biometric identifiers or biometric information, that violation alone – in the absence of any actual pecuniary or other injury—constitutes an invasion, impairment, or denial of the person’s statutory rights.

This decision – along with the 200 class actions already filed – shows how important it is for vendors and companies using fingerprint timeclocks or other technologies that may collect biometric information to be aware of BIPA’s requirements.

 

© 2019 Schiff Hardin LLP

Scan Your Practices: Illinois Supreme Court to Resolve Biometric Privacy Standard

Fingerprinting, retina scans, and voiceprints – practices once reserved for FBI agents, criminals, and Jason Bourne – are now widely used by companies of all sizes. These “biometric identifiers” are collected, often by employers, to provide for workplace efficiencies such as clocking time and ensuring secure access to sensitive locations. Or they may be used by businesses looking to track and identify customers. Whatever the case may be, collection and use of biometric identifiers are landing companies in legal hot water.

There has been a frenzy of class action lawsuits filed under the Illinois Biometric Information Privacy Act (BIPA) in recent weeks, in anticipation of a pending decision from the Illinois Supreme Court regarding the statute’s scope. BIPA provides a roadmap for how to lawfully gather, store, and destroy biometric data. When companies flout these requirements, they expose themselves to legal liability.

Compliance with BIPA is not terribly difficult. A private entity must: 1) develop a written policy, available to the public, that establishes a retention schedule and guidelines for permanently destroying biometric data; 2) provide information to the subject in writing, and obtain a written release before collecting and using biometric information; 3) safely store and prevent disclosure or dissemination of the biometric data to unauthorized third parties; and 4) destroy the biometric data when there is no longer a reason for keeping it, or within three years of the individual’s last interaction with the entity, whichever comes first.

The statute provides that “any person aggrieved by a violation” of these rules can bring suit. The tricky question, which the Illinois Supreme Court will soon answer, is who is a person aggrieved? Is someone aggrieved if a private entity technically violates the statute, but does not otherwise cause harm to the individual through unauthorized dissemination or disclosure of his or her biometric data? If a company forgets to obtain written authorization, but otherwise posts appropriate notices and protects the security of the data, are its employees or customers aggrieved persons?

The answer once appeared favorable to companies. In Rosenbach v. Six Flags Entertainment Corporation, the Second District Appellate Court held that “a plaintiff who alleges only a technical violation of the statute without alleging some injury or adverse effect is not an aggrieved person” under BIPA. In other words, technical violations of the statute, without any accompanying harm, did not pave the way for litigation.

At the end of 2018, however, the First District Appellate Court, in Sekura v. Krishna Schaumburg Tan, Inc., signaled a more relaxed, plaintiff-friendly standard by agreeing that an injury to a privacy right may be enough to maintain a lawsuit. Though that case also involved allegations of actual harm (unauthorized disclosure of the data to third parties), it created a fissure and undermined whatever comfort came from knowing that technical violations alone would not produce viable lawsuits. And, while the federal courts sitting in Illinois continue to dismiss these cases for lack of constitutional standing, the majority of BIPA cases are filed and remain in state court, where state precedent controls. Companies will seldom find themselves in the more favorable federal venue.

Meanwhile, the plaintiffs in Rosenbach appealed to the Illinois Supreme Court, which heard oral arguments on this issue at the end of November 2018. The central question the court will soon answer is what type of harm must be alleged in order for a plaintiff to maintain suit under BIPA: Are allegations of mere technical violations enough, or must a plaintiff allege a more particular harm? BIPA aficionados across the state are waiting with bated breath to learn the answer.

In the meantime, companies would be wise to review their biometric data notification, collection, storage, and destruction practices. In many ways, regardless of Rosenbach’s outcome, companies need to be extremely vigilant in deciding whether to collect biometric data in the first place and, if so, in developing and implementing careful practices to ensure full compliance with BIPA. Even if the Illinois Supreme Court ultimately concludes that technical violations alone are not actionable, shrewd plaintiffs and their attorneys will not hesitate to articulate allegations of harm beyond mere technicalities. Now is the time to scan your practices.

 

© 2019 Much Shelist, P.C.
This post was written by Laura A. Elkayam and James L. Wideikis of Much Shelist, P.C.
Read more on emerging employment law issues at the National Law Review’s Employment Law Resources Page.