7-Eleven Faces Class-Action Suit Over Collection of Biometric Customer Data
The filing claims that the retailer violated the Illinois Biometric Information Privacy Act.
CHICAGO — Four consumers allege 7-Eleven Inc. violated the Illinois Biometric Information Privacy Act (BIPA) by unlawfully collecting, storing and using shoppers' facial scans, and possibly other biometric identifiers, without first obtaining written consent to do so or providing statutory disclosures.
According to a 23-page proposed class action filing, numerous 7-Eleven locations in Chicago use surveillance systems provided by Clickit, an intelligent video solutions provider. The filing claims that although Clickit's technology is purportedly configured to operate without using facial recognition software or algorithms, it nevertheless violates the Illinois BIPA because it scans faces and recognizes facial features, reported ClassAction.org.
The lawsuit, filed April 25 by plaintiffs Ryan Hess, Carolyn Johnson, Thomas McKee and Barbara Moss, states that Clickit, in an attempt to alleviate privacy concerns, notes that the face scans and biometric data it collects can be deleted on a daily basis. This "suggested strategy," the lawsuit argues, ignores the fact that the collection of biometric data, regardless of the amount of time it is kept or anonymized, still violates the BIPA.
"This is underscored by the fact that 7-Eleven storefronts, interiors, and exteriors are not equipped with visible signs to notify customers that their biometric data will be captured or collected when they enter 7-Eleven stores," plaintiffs wrote in the lawsuit.
Further, 7-Eleven also has its own proprietary surveillance technology with facial recognition capabilities, the lawsuit claims.
Under the BIPA, a private entity in Illinois that deals with consumer biometric data, which can include a retina or iris scan, fingerprint, voiceprint or a scan of a person's hand or facial geometry, must inform a person in writing that their biometric information is being collected.
A private entity is also required to inform the person of the specific purpose and length of time for which a biometric identifier will be collected, stored and used, and receive a written release from the individual authorizing the collection of their data. Lastly, a private entity must publish a publicly available retention schedule and guidelines for permanently destroying consumers' biometric identifiers, according to the filing.
"7-Eleven does not notify customers of this fact prior to store entry, nor does it obtain consent prior to capturing and collecting its customers' biometric data," the complaint alleged. "Further, 7-Eleven does not provide a publicly available policy establishing a retention schedule and guidelines for permanently destroying this biometric data."
According to the complaint, 7-Eleven was investigated in 2021 for similar alleged conduct by the Australian Information Commissioner and Privacy Commissioner, who found that the retailer had "interfered with customers' privacy by collecting their face prints without their information or consent." Also, the company has acknowledged that it has been using facial recognition technology at its stores in Thailand since 2018, the case states.
Hess, Johnson, McKee and Moss are demanding a jury trial and requesting injunctive relief along with statutory damages for themselves and all class members, according to Top Class Actions. They want to represent an Illinois class of consumers who have had their biometric data collected, captured, received or otherwise obtained and/or stored by 7-Eleven.
Irving, Texas-based 7‑Eleven operates, franchises and/or licenses more than 13,000 stores in the United States and Canada. In addition to 7‑Eleven stores, 7‑Eleven Inc. operates and franchises Speedway, Stripes, Laredo Taco Co., and Raise the Roost Chicken & Biscuits locations.