https://www.theregister.com/2023/02/18/white_castle_fingerprints_fine/

[user] [user] Sign in / up
The Register(r) -- Biting the hand that feeds IT
[magn]
[burg] [burg]

Topics

Security

Security

All SecurityCyber-crimePatchesResearchCSO (X)
Off-Prem

Off-Prem

All Off-PremEdge + IoTChannelPaaS + IaaSSaaS (X)
On-Prem

On-Prem

All On-PremSystemsStorageNetworksHPCPersonal Tech (X)
Software

Software

All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization (X)
Offbeat

Offbeat

All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite
NewsAbout Us (X)

Vendor Voice

Vendor Voice

Vendor Voice

All Vendor VoiceAmazon Web Services (AWS) Business TransformationDDN
Google Cloud for Startups (X)
Resources

Resources

Whitepapers Webinars Newsletters
[personalte]

Personal Tech

27 comment bubble on white

White Castle collecting burger slingers' fingerprints looks like a
$17B mistake

27 comment bubble on white

Wow Harold, you could buy, like, 23 billion sliders with that

icon Tobias Mann
Sat 18 Feb 2023 // 12:00 UTC
#
   
  

American burger-slinging giant White Castle is almost certainly
regretting its decisions about employee monitoring after the Illinois
Supreme Court Friday issued an opinion opening the fast "food" corp
up to potentially billions in fines.

In what we imagine was a gut-wrenching decision for White Castle's
legal team, the court ruled [PDF] in a 4-3 decision that White Castle
could be held accountable for every instance in which it scanned the
fingerprints of its 9,500 employees without their consent.

Illinois has required companies to obtain permission before
collecting or transmitting an individual's biometric data since 2008.
The fine for failing to do so was between $1,000 and $5,000 per
infraction, depending on the circumstances.

[personalte]

The case, brought by an Illinois woman who began working at White
Castle in 2004, involves the use of workers' fingerprints to access
pay stubs and company computers, which she said were implemented
shortly after she joined.

[personalte]
[personalte]

The possibly very expensive issue at the center of the case is
whether private entities -- in this case the burger-slinging chain --
are liable every time they collected a person's biometric data
without their consent. According to court documents, White Castle
only obtained permission to use its employees' fingerprints in 2018,
a decade after the bill was signed.

  * EU lawmakers argue against signing US data pact
  * The Pentagon is shockingly bad at managing its employee
    smartphones
  * Man wrongly jailed by facial recognition, lawyer claims
  * Amnesty International Canada claims attack by China-backed forces

In court, White Castle argued that it was only on the hook for the
first instance in which it collected its workers' fingerprints, and
not for every instance of an employee swiping their finger to sign in
for work or access records. 

However, the plaintiffs in the case had maintained that the company
should be held accountable for every fingerprint it had collected in
the 10 years it violated state law. That could leave a bad taste in
the mouth.

Any hopes the court would let the issue slide were dashed after the
justices found White Castle's interpretation of the law unappetizing.
The company estimates it could pay as much as $17 billion -- or by our
estimate, 23 billion classic sliders -- as a result of the decision.

[personalte]

However, there remains a chance White Castle will shake the worst of
the fines. While the State Supreme Court has issued an opinion on the
matter, the case isn't over. And as the justices noted in their
analysis, the presiding judge would possess the authority to fashion
a damage award that fairly compensated class members, while deterring
future violations, without the threat of what White Castle's lawyers
described as "annihilative liability."

The court also suggested that the state legislature should review the
law to determine if changes should be made with regard to potentially
excessive damage awards.

This isn't the first time that a company has violated the state's
biometric privacy protections. In 2020, Facebook -- since rebranded as
Meta -- agreed to pay $650 million to settle a class-action lawsuit
for applying facial recognition software on Illinois residents
without their consent. (r)

Get our Tech Resources
# Share
   
  

Similar topics

  * Biometrics
  * Privacy
  * Supreme court

More like these
x

Similar topics

  * Biometrics
  * Privacy
  * Supreme court

Narrower topics

  * cookies
  * Privacy Sandbox

Broader topics

  * Authentication

Similar topics

# Share
   
  
27 comment bubble on white COMMENTS

Similar topics

  * Biometrics
  * Privacy
  * Supreme court

More like these
x

Similar topics

  * Biometrics
  * Privacy
  * Supreme court

Narrower topics

  * cookies
  * Privacy Sandbox

Broader topics

  * Authentication

TIP US OFF

Send us news

---------------------------------------------------------------------

Other stories you might like

 

Google lets a few Android devices into its Privacy Sandbox

Chocolate Factory's ad tech renovation is moving ahead, like it or
not
Security14 Feb 2023 | 9
 

Virtual reality telemetry means you can virtually kiss goodbye to
privacy

Exclusive Boffins find they can identify VR players just from head
and hand movements
Personal Tech18 Feb 2023 | 14
 

Biden attacks Big Tech's data addiction, wants more protection for
kids

Old man yells at cloud, literally
Personal Tech8 Feb 2023 | 5
 

It's time to fill those cloud security gaps

Here's how Wiz can help
Sponsored Feature
[personalte]
 

EU lawmakers argue against signing US data-transfer pact

Committee: Something about complaints process being dealt with in
total secrecy doesn't sit right
Security17 Feb 2023 | 52
 

Surprise! China's top Android phones collect way more info

Best to revisit that plan to bring home a cheap OnePlus, Xiaomi,
Oppo, or Realme handset from your holiday
Software7 Feb 2023 | 73
 

Cali puts mobile app makers on notice over privacy

Let customers opt out, or start adding zeros to compliance fines
Software31 Jan 2023 | 7
 

Google pushes fake abortion clinic ads to lower-income women, report
says

At least those who live in Phoenix and Atlanta
Personal Tech8 Feb 2023 | 28
 

Euronext says non, nein to US cloud providers services as rivals sign
up

Data sovereignty and compliance gives CEO pause for thought as
Deutsche Borse AG jumps in bed with Google
PaaS + IaaS10 Feb 2023 | 6
 

Cedars-Sinai hospital's website shares patient info with Meta,
lawsuit claims

Facebook parent could then offer that data to other advertising
clients, complaint alleges
Applications8 Feb 2023 | 8
 

FTC prescribes GoodRx a $1.5m pill after 'sharing health info' with
web giants

Facebook, Google, Twilio had a look-see of that data, we're told
Personal Tech2 Feb 2023 | 8
 

Microsoft is changing how it handles device diagnostic data to keep
EU sweet

Data sovereignty - the Windows maker has heard of it
Networks6 Feb 2023 | 10

The Register icon Biting the hand that feeds IT

About Us*

  * Contact us
  * Advertise with us
  * Who we are

Our Websites*

  * The Next Platform
  * DevClass
  * Blocks and Files

Your Privacy*

  * Cookies Policy
  * Privacy Policy
  * T's & C's
  * Do not sell my personal information

Situation Publishing

Copyright. All rights reserved (c) 1998-2023

no-js