Pepsi Faces Biometric Privacy Suit Over Employee Voiceprints

PepsiCo Inc. has been hit with a proposed class action alleging its collection and storage of workers’ voice data broke Illinois’ biometric privacy law.

William Hoskin, a former employee at Pepsi’s Chicago distribution center, was never informed by the soda maker that the voice recognition software he was required to use at work was being accessed and managed by the company, he claimed in a complaint filed Tuesday in the US District Court for the Southern District of New York.

This allegation, if true, would put the New York-based company at odds with Illinois’ Biometric Information Privacy Act, or BIPA. The first-of-its-kind state law requires companies operating in the state to inform consumers and employees and receive their consent before collecting biometric identifying information such as a fingerprint or a voiceprints.

Hoskin brought the proposed class action on behalf of all Illinois citizens employed by Pepsi whose voiceprints were obtained by the company. It’s a number of employees the complaint estimated to be “in the thousands.”

Hoskin’s voiceprints were collected through Honeywell International Inc.'s Vocollect Technology, which included a headset and a mobile device that employees clipped to their belts, according to the complaint. He and other distribution center employees designated as “pickers” used the technology while they picked and packaged items for customers.

The software functioned as a “biometric timeclock system” that clocked them in and out of work and provided them shift assignments, the complaint said.

Pepsi employees do explain in the company’s “Realistic Job Preview” video that the headset provides workers prompts and instructions, but Hoskin denies that he gave consent, written or otherwise, for the company to then manage his voice template, according to the suit.

The complaint cited a statement from a Honeywell Voice engineering director, Lori Pike,that when workers train templates on these devices, “we’re collecting how they speak.” The lawsuit noted the accuracy of the software, saying that if another employee tried to use Hoskin’s headset after he had logged in with his voiceprint, the device wouldn’t respond.

The lawsuit also alleged that Pepsi did not create a “retention and deletion schedule” for destroying the biometric data it collected and possessed through the Honeywell software, another BIPA requirement.

Voiceprint biometric data involves serious risks, the complaint said. If a device or database is exposed and voiceprints are hacked, identity theft and unauthorized tracking could occur, it said.

Pepsi didn’t immediately respond to a request for comment.

Hoskin requested a jury trial, as well as punitive damages and equitable monetary relief. He is represented by Bursor & Fisher, P.A.

The case is Hoskin v. PepsiCo Inc., S.D.N.Y., No. 7:23-cv-06413, 7/25/23.