Amazon Sued Over Illegal Storage of Employee Biometric Data

Lawyers from the firm of McGuire Law P.C. of Chicago filed a class action complaint on November 15, against Amazon Web Services (AWS) accusing AWS of violating the Illinois Biometric Privacy Act (BIPA).  

This lawsuit is the latest in a series of BIPA violation suits filed against major enterprises across the state of Illinois. The act aims to defend the individual from having their biometric data recorded, saved, or used without their signed consent. 

The lawsuit specifically targets the storage provided by AWS on its server network for employers and other “commercial customers” who have scanned and captured so-called biometric data from employees, customers, and others. 

According to the complaint, “Defendant (AWS) stores a myriad of types of data on behalf of a wide range of customers spanning virtually every industry sector.” “Notably, Defendant (AWS) also offers cloud storage services for businesses that handle biometric identifiers and biometric information. For example, some of the Defendant’s customers are commercial businesses that require their employees to provide their biometrics, e.g. fingerprints, to check-in and out of their shifts at work.”

The lawsuit alleges that AWS “converts this information into usable formats and mediums for its customers.”

Over the course of the last few years, the 2008 BIPA law has been used to target giant tech companies like Google and Facebook over facial recognition programs. But it has fundamentally been focused against employers across all spectrum of industries who demand biometric data from their workers. This biometric data can be in the form of fingerprint scans or other biometric modalities in order to verify the identity of the worker when punching a time clock for work shifts or when obtaining sensitive data or secured areas.