White Castle collecting burger slingers' fingerprints looks like a $17B mistake
Wow Harold, you could buy, like, 23 billion sliders with that
American burger-slinging giant White Castle is almost certainly regretting its decisions about employee monitoring after the Illinois Supreme Court Friday issued an opinion opening the fast "food" corp up to potentially billions in fines.
In what we imagine was a gut-wrenching decision for White Castle's legal team, the court ruled [PDF] in a 4-3 decision that White Castle could be held accountable for every instance in which it scanned the fingerprints of its 9,500 employees without their consent.
Illinois has required companies to obtain permission before collecting or transmitting an individual's biometric data since 2008. The fine for failing to do so was between $1,000 and $5,000 per infraction, depending on the circumstances.
The case, brought by an Illinois woman who began working at White Castle in 2004, involves the use of workers' fingerprints to access pay stubs and company computers, which she said were implemented shortly after she joined.
The possibly very expensive issue at the center of the case is whether private entities — in this case the burger-slinging chain — are liable every time they collected a person's biometric data without their consent. According to court documents, White Castle only obtained permission to use its employees' fingerprints in 2018, a decade after the bill was signed.
- EU lawmakers argue against signing US data pact
- The Pentagon is shockingly bad at managing its employee smartphones
- Man wrongly jailed by facial recognition, lawyer claims
- Amnesty International Canada claims attack by China-backed forces
In court, White Castle argued that it was only on the hook for the first instance in which it collected its workers' fingerprints, and not for every instance of an employee swiping their finger to sign in for work or access records.
However, the plaintiffs in the case had maintained that the company should be held accountable for every fingerprint it had collected in the 10 years it violated state law. That could leave a bad taste in the mouth.
Any hopes the court would let the issue slide were dashed after the justices found White Castle's interpretation of the law unappetizing. The company estimates it could pay as much as $17 billion — or by our estimate, 23 billion classic sliders — as a result of the decision.
However, there remains a chance White Castle will shake the worst of the fines. While the State Supreme Court has issued an opinion on the matter, the case isn't over. And as the justices noted in their analysis, the presiding judge would possess the authority to fashion a damage award that fairly compensated class members, while deterring future violations, without the threat of what White Castle's lawyers described as "annihilative liability."
The court also suggested that the state legislature should review the law to determine if changes should be made with regard to potentially excessive damage awards.
This isn't the first time that a company has violated the state's biometric privacy protections. In 2020, Facebook — since rebranded as Meta — agreed to pay $650 million to settle a class-action lawsuit for applying facial recognition software on Illinois residents without their consent. ®