Rebuffing Biometric Privacy Class Actions With Preemption Challenges

Aug. 9, 2021, 8:01 AM

The scope of liability exposure from alleged violations of the Illinois Biometric Information Privacy Act (BIPA), as well as the frequency of BIPA class action filings, have increased drastically since the Illinois Supreme Court’s seminal 2019 decision in Rosenbach v. Six Flags Ent. Corp., ruling that a plaintiff is aggrieved under BIPA without alleging an actual injury.

During this time, preemption has emerged as a vital defense for defendants.

Several district court opinions underscore the strength of the preemption defense in BIPA class action litigation, and a recent case—Carmean v. Bozzuto Mgmt. Co.provides important takeaways for defendants with unionized workforces.

Trevor Carmean, a former employee of a condominium building in Chicago, sued his prior employers for alleged BIPA violations in connection with the use of employee biometric data for time and attendance purposes. Carmean and other building employees were members of a union, their “exclusive collective bargaining agent” under the collective bargaining agreement (CBA) between the union and the defendants.

The property management employers filed a motion to dismiss, asserting that Carmean’s BIPA suit was barred by preemption.

The district court held that because resolution of the dispute required an interpretation of the CBA’s management rights clause, Carmean’s BIPA claims were completely preempted by Section 301 of the Labor Management Rights Act (LMRA)—prompting the court to dismiss the suit in its entirety.


The Carmean suit is by no means the first BIPA action to be dismissed based on preemption. Illinois federal courts have also dismissed each of the following BIPA suits on preemption grounds: Frisby v. Sky Chefs Inc.; Crooms v. Southwest Airlines Co.; Peatry v. Bimbo Bakeries Inc.; and Gray v. Univ. of Chicago Medical Center Inc.

In those actions, courts have relied on the Seventh Circuit’s decision in Miller v. Southwest Airlines Co. to dismiss BIPA actions brought by unionized workers on the basis of preemption.

In Miller, the Seventh Circuit held an adjustment board—not a federal court—was required to decide if Southwest Airlines’ union had consented to the use and collection of employee biometric data. The Miller court reasoned the question of consent necessarily involved an interpretation of the CBA, which must be resolved by an adjustment board under the Railway Labor Act (RLA).

Since then, courts have extended the reasoning of Miller to Section 301 of the LMRA—which also preempts state law claims founded on rights created by CBAs or substantially dependent on the analysis of a CBA—as the preemption standards under the two statutes are virtually identical.

On this issue, the Carmean court found Miller to be dispositive, as a determination of whether the defendants violated BIPA turned on the extent to which the plaintiff’s union, through the CBA’s management rights clause, consented to the use, retention, and disclosure of the building employees’ biometric information.

In addition, the court also rejected Carmean’s attempt to distinguish his suit from Miller by arguing that Miller involved preemption under the RLA, not the LMRA, noting the identical nature of the RLA and LMRA preemption standards.

Practical Tips & Best Practices

Collective Bargaining Process

Unionized employers should ensure the proper steps are taken during the collective bargaining process to preserve the ability to assert a preemption challenge in the event the employer’s biometrics practices are tested in court.

As an initial matter, employers should give unequivocal, advance notice to union representatives of any intent to incorporate the use of biometric data into their operations. Employers should also thoroughly address the issues of BIPA notice and consent during collective bargaining negotiations as well.

Issues of notice and consent should also be addressed in the employer’s written CBA with the union, including clear language in the CBA establishing that the union has consented to the company’s use of its employees’ biometric data for business purposes.

Approached properly, unionized companies that leverage the benefits of biometrics in their business operations can provide themselves with a powerful defense against BIPA class actions in the event they are so targeted.

Evaluate Defense

In the event a unionized employer is sued for purported BIPA violations, the employer and its biometric privacy counsel must undertake a prompt evaluation to determine whether preemption can be raised to facilitate a quick exit from the litigation.

Employers and their counsel should determine whether the defendant can establish that resolution of the plaintiff’s BIPA claims require interpretation of the employer’s CBA, namely with respect to whether the plaintiff’s union consented to the collection of biometric data on its employees’ behalf, such that the claims are preempted by the LMRA or RLA.

If so, the defendant should pursue an early motion to dismiss asserting preemption as a basis for the complete dismissal of the BIPA action in its entirety—which should allow the employer to defeat the suit at an early stage in the litigation.

Companies that collect, use, and store biometric data can expect to see a high volume of BIPA class action filings for the foreseeable future. With that said, as the Carmean decision shows, preemption challenges can play a powerful role in defeating a wide variety of class action suits filed for purported violations of Illinois’ biometric privacy law.

This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.

Write for Us: Author Guidelines

Author Information

David J. Oberly is an attorney in the Cincinnati office of Blank Rome LLP and is a member of the firm’s Biometric Privacy, Privacy Class Action Defense, and Cybersecurity & Data Privacy groups. His practice encompasses defending clients in high-stakes litigation, and counseling and advising clients on a wide range of privacy, data security and cybersecurity matters.

To read more articles log in. To learn more about a subscription click here.