DAL Global Services LLC , an aviation ground handling service provider, was hit with a proposed biometric privacy class action in April of this year in the U.S. District Court for the Northern District of Illinois. This week the court ruled that the class action may proceed after the court ruled that the plaintiff’s claims were not preempted by other state and federal laws as argued by DAL.

Plaintiff, Eric Nseumen, brought claims against DAL, his former employer, for alleged violations of the Biometric Information Privacy Act (BIPA). Nseumen claimed that DAL violated BIPA by collecting his biometric data as part of its timekeeping system during his employment as a forklift operator at Chicago O’Hare International Airport without first obtaining consent. However, DAL argued that BIPA is preempted by the Airline Deregulation Act and the Illinois Workers’ Compensation Act.

District Judge Matthew F. Kennelly explained in his decision that the Airline Deregulation Act prohibits states from enacting or enforcing laws that have the “force and effect” of law related to “a price, route, or service of an air carrier that may provide air transportation.” (emphasis added). While DAL argued that this preempted BIPA, Judge Kennelly disagreed: “BIPA does not expressly refer in any way, shape, or form to airline-related services [. . .] [a]nd its impact on DAL’s services or prices is, at most, remote.”

Further, Judge Kennelly also rejected DAL’s argument that the Illinois Workers’ Compensation Act barred BIPA claims, holding “Extended analysis is unnecessary; the Court agrees on this point with its colleagues, who as best as the Court can determine have uniformly rejected similar arguments regarding BIPA claims by employees.”

This is yet another warning to employers to determine what biometric data collection laws apply to them and to determine what they must do to comply (such as getting prior consent) with those laws.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.