- IN THE UNITED STATES DISTRICT COURT FOR THE CENTRAL DISTRICT OF ILLINOIS SPRINGFIELD DIVISION KYLE HAYES, on behalf of ) himself and all other persons ) similarly situated, known and ) unknown, ) ) Plaintiff, ) ) v. ) Case No. 23-cv-3296 ) CGB ENTERPRISES, INC. d/b/a ) CONSOLIDATED GRAIN AND ) BARGE CO., and CONSOLIDATED ) TERMINALS AND LOGISTICS, CO. ) ) Defendant. ) OPINION AND ORDER This matter is before the Court on Defendant CGB Enterprises, Inc. (“CGB”) Motion to Dismiss (d/e 11). Plaintiff Kyle Hayes' First Amended Complaint (d/e 9) states claims upon which relief can be granted under the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14/1, et seq., so Defendant CGB’s Motion (d/e 11) is DENIED. I. BACKGROUND On August 24, 2023, Plaintiff Kyle Hayes, individually and on behalf of those similarly situated, filed a four-Count Class Action Complaint in the Circuit Court of the Seventh Judicial Division, Sangamon County, asserting that he used timekeeping technology to clock in and out from work in a manner that violated the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14/1, et seq. See d/e 1, Ex. B, ¶¶ 50–64. On October 11, 2023, Defendants CGB Enterprises, Inc. (“CGB”), Consolidated Grain and Barge Co. (“Consolidated Grain”), and Consolidated Terminals and Logistics, Co. (“Consolidated Terminals”) (collectively, “Defendants”) removed this action to the United States District Court for the Central District of Illinois. See d/e 1. On November 17, 2023, Defendants moved to dismiss all Counts for failure to plausibly state a claim for relief upon which relief can be granted pursuant to Federal Rule of Civil Procedure 12(b)(6). See d/e 6. On December 7, 2023, Plaintiff filed an Unopposed Motion for Extension of Time to Respond and Leave to File a First Amended Complaint. See d/e 8. On December 13, 2023, United States Magistrate Judge Karen McNaught allowed Plaintiff’s Motion (d/e 8) and directed Plaintiff to respond to Defendants’ Motion to Dismiss (d/e 6) and/or file an amended complaint by December 29, 2023. See Text Order entered on December 13, 2023. On December 29, 2023, Plaintiff filed a four- Count Amended Complaint. See d/e 9. Plaintiff alleges that CGB violated BIPA by: (1) capturing or collecting Plaintiff’s biometric data without first obtaining his informed, written consent, under BIPA § 15(b); (2) possessing Plaintiff’s biometric data without creating or following a publicly available retention and destruction policy, under BIPA § 15(a); (3) disclosing or disseminating Plaintiff’s biometric data without his consent, under BIPA § 15(d); and (4) failing to store, transmit, and protect from disclosure Plaintiff’s biometric data in accordance with the reasonable standard of care in CGB’s industry, under BIPA § 15(e). Id. at ¶¶ 68–78, 79–88, 89– 97, 98–109. On January 26, 2024, Defendant CGB moved to dismiss all Counts for failure to state a claim for relief upon which relief can be granted pursuant to Rule 12(b)(6). See d/e 11. On February 16, 2024, Plaintiff filed his Response. See d/e 15. On April 15, 2024, Defendant CGB filed its Reply. See d/e 18. II. LEGAL STANDARD Defendants have moved to dismiss Plaintiff’s First Amended Complaint (d/e 9) under Rule 12(b)(6) of the Federal Rules of Civil Procedure. A motion to dismiss under Federal Rule of Civil Procedure 12(b)(6) challenges the sufficiency of the complaint. Christensen v. Cty. of Boone, 483 F.3d 454, 458 (7th Cir. 2007). A complaint must contain “a short and plain statement of the claim showing the pleader is entitled to relief” that puts the defendant on notice of the allegations. Higgs v. Carver, 286 F.3d 437, 439 (7th Cir. 2002) (quoting Fed. R. Civ. P. 8(a)(2)). The court accepts all well-pleaded facts alleged and draws all possible inferences in the plaintiff’s favor. Tamayo v. Blagojevich, 526 F.3d 1074, 1081 (7th Cir. 2008). The complaint must put forth plausible grounds to demonstrate a claim for relief. Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007). A plausible claim is one from which the court is able to draw reasonable inferences that the defendant is liable for the misconduct alleged. Ashcroft v. Iqbal, 556 U.S. 662, 663 (2009). Additionally, the complaint must raise a reasonable expectation that discovery will reveal evidence of liability. Id. at 663; Twombly, 550 U.S. at 545. A complaint merely reciting a cause of action or conclusory legal statements without support is insufficient. Iqbal, 556 U.S. at 663. III. FACTS The following facts are taken from Plaintiff Haynes’ First Amended Complaint (d/e 9) and are accepted as true at the motion to dismiss stage. Bible v. United Student Aid Funds, Inc., 799 F.3d 633, 639 (7th Cir. 2015). Defendant CGB operates grain silos, grain elevators, and affiliated offices through Illinois. d/e 9, ¶ 22. Consolidated Grain and Consolidated Terminals are divisions of CGB. Id. at ¶¶ 19, 20. During the course of his employment, Plaintiff was assigned to work for both Consolidated Grain and Consolidated Terminals. Id. at ¶ 7. His wages were paid by Consolidated Grain. Id. at ¶ 8. From approximately August 2011 through November 2014, and from September 2016 through June 2021, CGB employed Plaintiff at its Naples, Illinois office, grain silo, and elevator. Id. at ¶ 23. CGB required Plaintiff to clock in and out during the course of his employment, at least two times each workday, using timeclocks located on CGB’s premises (“CGB Timeclocks”). Id. at ¶¶ 25, 27. CGB controlled, owned, operated, leased, and/or licensed the CGB Timeclocks, and any data or information contained therein. Id. at ¶ 26. In order to clock in or out, the CGB Timeclocks captured a scan of Plaintiff’s fingerprints and converted the fingerprints to electronic images. Id. at ¶ 28. These electronic images were stored in the electronic data files of at least one electronic data storage system, controlled, owned, or operated by CGB. Id. at ¶ 30. The electronic data files of the fingerprint images were disclosed to others, including third-party payroll services providers. Id. at ¶ 31. The fingerprints, or their electronic images, were also stored on other electronic data storage systems. Id. at ¶ 32. The possession of the scanned images on the CGB Timeclocks allowed CGB to identify individual employees, ensuring that no employee could clock in or out for another, and allowed CGB to maintain records of the hours worked by its employees. Id. at ¶¶ 33, 34. Prior to Plaintiff’s use of the CGB Timeclocks, CGB: (1) did not inform Plaintiff in writing, or receive his consent, to images of a portion of his hand and/or his fingerprints being collected or stored; (2) did not inform Plaintiff in writing of the specific purpose and length of term for which the images of a portion of his hand and/or his fingerprints would be collected, stored, and used; and (3) did not obtain in writing a written release related to the use of the images of his hand, his fingerprints, or any electronic images of them, that had been collected and captured by CGB. Id. at ¶¶ 35– 37. At all times relevant to this action, CGB maintained a “privacy policy” on its website: CGB Enterprises, Inc. is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. This Statement of Privacy applies to the CGB Enterprises, Inc. site and governs data collection and usage. The Statement of Privacy describes the type of personal information we collect on this site and how we may use that information. By using the CGB Enterprises Inc[.] site, you consent to the data practices described in this statement. . . . CGB Enterprises, Inc. collects and uses your personal information to operate the CGB Enterprises Inc[.] Web site and deliver the services you have requested. CGB Enterprises Inc[.] also uses your personally identifiable information to inform you of other products or services available from CGB Enterprises, Inc. and its affiliates. Id. at ¶¶ 38–40. Prior to Plaintiff’s use of the CGB Timeclocks, there was no written policy posted or provided to Plaintiff at any of his worksites or via any other means, made publicly available, that explained how Plaintiff’s data was being retained or for how long it would be retained. Id. at ¶ 41. There were also no guidelines regarding the permanent destruction of Plaintiff’s fingerprints or the electronic images of them after the end of his employment. Id. IV. ANALYSIS Plaintiff alleges that Defendants violated §§ 15(a), (b), (d), and (e) of BIPA which “imposes numerous restrictions on how private entities collect, retain, disclose and destroy biometric identifiers[.]” Rosenbach v. Six Flags Entm’t Corp., 129 N.E.3d 1197, 1199 (Ill. 2019). Defendant CGB makes several arguments why dismissal is appropriate. The Court addresses each argument in turn. A. Defendant CGB Is a Proper Defendant. Defendant CGB argues that CGB is not a proper defendant because CGB is a separate corporate entity from Consolidated Grain and Consolidated Terminals. Defendant CGB further argues that CGB should be dismissed because Plaintiff improperly engages in group pleading, failing to differentiate among CGB, Consolidated Grain, and Consolidated Terminals in his First Amended Complaint. Due to the personal nature of liability, when a complaint names more than one defendant, “[e]ach defendant is entitled to know what he or she did that is asserted to be wrongful.” Bank of Am., N.A. v. Knight, 725 F.3d 815, 818 (7th Cir. 2013). However, a complaint survives if any group pleadings, taken along with any individual pleadings, create the plausible inference that each defendant is liable. Martinez v. Wexford Health Servs., No. 3:18- CV-50164, 2021 WL 1546429, at *3 (N.D. Ill. Apr. 20, 2021) (citing Knight, 725 F.3d at 818). Ultimately, for a complaint to pass scrutiny under Rule 8 of the Federal Rules of Civil Procedure, a complaint must provide to each defendant sufficient notice of what he or she purportedly did wrong. See Knight, 725 F.3d at 818. The Court finds that Plaintiff’s First Amended Complaint does not constitute group pleading and provides sufficient notice to Defendant CGB. Consolidated Grain and Consolidated Terminals are named as divisions of CGB, not separate defendants. See d/e 9, ¶¶ 19–20. Plaintiff does inconsistently define “CGB” to refer to CGB itself, as well as to refer to CGB, Consolidated Grain, and Consolidated Terminals. See d/e 9, ¶ 3 (“Defendant, CGB Enterprises, Inc. (‘CBG’) is a privately owned foreign corporation that operates as a diversified agricultural company.”), ¶ 4 (“CGB operates in the State of Illinois through a variety of legal entities and/or divisions, including, but not limited to [Consolidated Grain] and [Consolidated Terminals]. Defendant is collectively referred to herein as ‘CGB’”). However, ultimately, Plaintiff alleges that CGB violated BIPA. Id. at ¶ 15, ¶ 55 (“During Plaintiff’s employment with CGB, all of its employees at the location where he was assigned used the same CGB Timeclock to clock in and clock out, regardless of whether they purportedly worked shifts for [Consolidated Grain or Consolidated Terminals] or any other subsidiary entity [of[ Defendant [CGB].”). The Court also finds that CGB is a proper defendant. Here, Plaintiff identifies Consolidated Grain and Consolidated Terminals as divisions of CGB. Id. at ¶¶ 19, 20. The d/b/a designation reflects Plaintiff’s understanding that Defendant CGB owned and operated Consolidated Grain and Consolidated Terminals. Whether Defendant CGB actually owns Consolidated Grain or Consolidated Terminals is irrelevant because the First Amended Complaint properly states a cause of action against Defendant CGB only. Id. at ¶ 55. Next, Defendant CGB argues that Plaintiff fails to allege facts piercing the corporate veil and supporting the liability of Defendant CGB for the purported acts of Consolidated Grain and Consolidated Terminals. However, here, corporate veil piercing is unnecessary because Plaintiff seeks to hold Defendant CGB liable for its own illegal conduct, not those of Consolidated Grain and Consolidated Terminals. See Gorgas v. Amazon.com, Inc., No. 22 CV 5159, 2023 WL 4209489, at *3 (N.D. Ill. June 23, 2023). In Gorgas, the court found in a biometric privacy class action that defendants mischaracterized plaintiffs’ allegations because plaintiffs were not alleging conduct by a subsidiary and attempting to hold the parent company liable for that conduct. Id. Rather, plaintiffs were alleging that the parent company and its subsidiaries were all engaging in the same illegal conduct. Id. As a result, the court accepted the well-pleaded allegations as true. Id. Similarly, here, Plaintiff alleges that Defendant CGB violated BIPA, not Consolidated Grain and/or Consolidated Terminals, so Plaintiff does not need to pierce the corporate veil to plausibly make those allegations. While discovery may reveal that Consolidated Grain and/or Consolidated Terminals alone committed BIPA violations, at this stage the Court must accept the well-pleaded allegations against Defendant CGB as true. B. Plaintiff Sufficiently Alleges that Defendant CGB “Possessed” His Biometric Data. Defendant argues that the §§ 15(a), (d), and (e) claims should be dismissed because Plaintiff fails to allege that Defendant “possessed” his biometric data. See 740 ILCS 14/15(a), (d), (e). While BIPA does not define “possession,” courts have applied the ordinary meaning of the word. See 740 ILCS 14/10; Heard v. Becton, Dickinson & Co., 524 F. Supp. 3d 831, 840 (N.D. Ill. 2021). Possession occurs when someone “exercis[es] any form of control over the data or . . . held the data at [its] disposal.” Heard, 524 F. Supp. 3d at 968. In Gorgas, the court found that plaintiffs properly alleged that defendants “possessed” their biometric data. No. 22 CV 5159, 2023 WL 4209489, at *4. There, the plaintiffs alleged that defendants (1) captured electronic images of the Gorgases’ and other workers’ faces for badge identification purposes, (2) owned and sold facial recognition technology (including, specifically, Rekognition), and (3) scanned workers’ facial geometry using their own facial recognition technology and warehouse cameras, which the Gorgases personally saw throughout the warehouses. Id. Importantly, the court noted that the plaintiffs further alleged that they “have been informed that Amazon uses these cameras to track attendance times, including when they enter and leave the Amazon workplace, productivity, loss prevention and even the amount of time they spend in the restroom.” Id. From these alleged facts, the court found that “it does not require an implausible leap to conclude from the above facts that the defendants possess or collect biometric data.” Id. On the other hand, in Jacobs v. Hanwha Techwin America, Inc., the court found that the plaintiff failed to sufficiently plead that defendant possessed his biometric data. No. 21 C 866, 2021 WL 3172967, at *3 (N.D. Ill. July 27, 2021). There, the court found that most of plaintiff’s allegations merely “parrot[ed] the statutory language” and that the complaint did not say “whether defendant could freely access the data, or even how defendant allegedly received it.” Id.; see also Heard, 524 F. Supp. 3d at 968–69 (plaintiff failing to plead possession because his allegations parroted statutory language, did not plead that defendant exercised control over the data or held the data at its disposal, and did not plead if defendant could freely access the data or how it received the data). Plaintiff’s allegations are similar to those made by the plaintiffs in Gorgas and distinguishable from those made by plaintiffs in Jacobs and Heard. Here, Plaintiff alleges that Defendant CGB: (1) required him to clock in and out using a timeclock that captured a scan of his fingerprints; (2) controlled, owned, operated, leased, and/or licensed the timeclocks and any data or information contained therein; (3) converted those scans to an electronic image that was stored on CGB’s electronic storage system; and (4) used the fingerprint scans to track hours worked by each employee. d/e 9, ¶¶ 25–28, 30–34. Plaintiff properly alleges that Defendant CGB required the use of the timeclocks, controlled the timeclocks and the biometric data therein, and used the data to monitor employees. As a result, the Court accepts these facts as true and draws “all reasonable inferences” in Plaintiff’s favor such that these factual allegations plausibly establish that Defendant CGB “possessed” Plaintiff’s biometric data or that of putative class members. Furthermore, that Plaintiff pleaded facts on “information and belief” does not necessitate dismissal of his claims. In Namuwonge v. Kronos, Inc., the court dismissed the plaintiff’s § 15(d) claim because the plaintiff failed to allege that defendant disclosed or distributed plaintiff’s data to a third party, not because plaintiff alleged facts on “information and belief.” 418 F. Supp. 3d 279, 285 (N.D. Ill. 2019); see also Heard, 440 F. Supp. 3d at 969 (“‘The Twombly plausibility standard . . . does not prevent a plaintiff from pleading facts alleged upon information and belief where the facts are peculiarly within the possession and control of the defendant.’”) (quotation omitted). Therefore, the Court denies Defendant CGB’s motion to dismiss Plaintiff’s claims for violations of §§ 15(a), (d), and (e). C. Plaintiff Sufficiently Alleges that Defendant CGB “Collected” His Biometric Data. Defendant argues that the § 15(b) claim should be dismissed because Plaintiff fails to allege that Defendant “collected” his biometric data. See 740 ILCS 14/15(b) (prohibiting private entities from “collect[ing], captur[ing], purchas[ing], receiv[ing] through trade, or otherwise obtain[ing] a person’s or customer’s biometric identifier or biometric information” without their informed consent). “[F]or Section 15(b)’s requirements to apply, an entity must, at a minimum, take an active step to ‘collect, capture, purchase, receive through trade, or otherwise obtain’ biometric data.” Heard, 440 F. Supp. 3d at 966. In Jacobs, the court dismissed the plaintiff’s § 15(b) claim because “a complete reading of the complaint makes clear that defendant is merely a third-party technology provider (that is, merely provided the cameras), and that the active collector and processor of the data is T.J. Maxx.” No. 21 C 866, 2021 WL 3172967, at *5. However, the defendant in Jacobs was a manufacturer of security cameras capable of performing facial recognition. Here, Defendant CGB is not a third-party manufacturer of biometric-data-collecting technology. Rather, Plaintiff alleges that Defendant CGB itself used biometric-data- collecting technology. d/e 9, ¶ 26. The Court finds that Plaintiff has sufficiently alleged that Defendant CGB “collected” his biometric data. Plaintiff’s allegations, taken as true, demonstrate that Defendant required its employees to use timeclocks, which captured biometric data, and used the timeclock’s data to track its employees. Id. at ¶¶ 25–28, 30–33, 48–55. The Court draws all reasonable inferences in Plaintiff’s favor and finds that Plaintiff plausibly alleges that Defendant actively “collected” Plaintiff’s biometric data or that of putative class members. Therefore, the Court denies Defendant CGB’s motion to dismiss Plaintiff’s claim for violations of § 15(b). D. Plaintiff Sufficiently Alleges that Defendant CGB “Disseminated” His Biometric Data. Defendant argues that the § 15(d) claim should be dismissed because Plaintiff fails to allege that Defendant “disseminated” his biometric data. See 740 ILCS 14/15(d) (prohibiting private entities in possession of biometric data from “discos[ing], redisclose[ing] or otherwise disseminat[ing]” that data without informed consent). In Namuwonge, the court dismissed plaintiff’s § 15(d) claim for failing to sufficiently allege facts that plausibly suggested that the defendant disclosed or distributed plaintiff’s data to a third party. 418 F. Supp. 3d at 285. There, the plaintiff pleaded that the defendant “disclosed her fingerprints to other third parties that host the data.” Id. Moreover, the plaintiff alleged that she had “no idea whether any Defendant sells, discloses, re-discloses, or otherwise disseminates [her] biometric data.” Id. Unlike the plaintiff in Namuwonge who made speculative allegations, here, Plaintiff alleges that Defendant CGB disclosed his biometric data to its payroll services provider, its timekeeping vendor, and other, currently unknown, third parties without obtaining his consent. d/e 9, ¶¶ 15, 31, 93. The Court finds that Plaintiff has sufficiently alleged that Defendant CGB “disseminated” his biometric data. The Court draws all reasonable inferences in Plaintiff’s favor and finds that Plaintiff plausibly alleges that Defendant actively “disseminated” Plaintiff’s biometric data, or that of putative class members. Therefore, the Court denies Defendant CGB’s motion to dismiss Plaintiff’s claim for violation of § 15(d). E. Plaintiff Sufficiently Alleges That Defendant Violated § 15(e). Defendant argues that the § 15(e) claim should be dismissed because: (1) Plaintiff fails to identify Defendant CGB’s industry and the “reasonable standard of care” within that industry and (2) § 15(e) does not require Defendant CGB to maintain a privacy policy for Plaintiff’s biometric data. See 740 ILCS 14/15(e). Section 15(e) requires a private entity in possession of biometric data to store, transmit, and protect from disclosure all biometric identifiers and biometric information using the reasonable standard of care within the private entity's industry; and store, transmit, and protect from disclosure all biometric identifiers and biometric information in a manner that is the same as or more protective than the manner in which the private entity stores, transmits, and protects other confidential and sensitive information. 740 ILCS 14/15(e)(1), (2). In Delgado v. Meta Platforms, Inc., the court dismissed plaintiff’s § 15(e) claim for failing to allege how defendant stored biometric data or how its practices failed to comply with the reasonable standard of care. No. 23-cv-04181-SI, 2024 WL 818344, at *9 (N.D. Cal. Feb. 27, 2024). The only factual allegation made by plaintiff in support of his § 15(e) claim was that “Meta acknowledges that its large size and vast amount of user data makes [sic] it a key target for cyber-attacks, has disclosed it has been the subject of cyber-attacks in the past, states it will be subject to future intrusions, and admits it may not be aware of or discover all such intrusions.” Id. Unlike the plaintiff in Delgado who failed to allege facts in support of a § 15(e) claim, here, Plaintiff alleges that Defendant CGB maintained a privacy policy governing the collection and use of personal information of its website’s users but did not maintain a similar written policy regarding the collection, storage, and use of Plaintiff’s biometrics. d/e 9, ¶¶ 38– 42, 102–104. The Court finds that Plaintiff has sufficiently alleged that Defendant CGB violated § 15(e). Plaintiff does not allege that Defendant CGB’s lack of privacy policy regarding biometric data is a violation of § 15(e). Rather, Plaintiff alleges the non-existence of a privacy policy regarding his biometric data to demonstrate how Defendant CGB failed to “store[], transmit[], and protect[]” his biometric data “in a manner that is the same or more protective” than the manner in which Defendant CGB “stores, transmits, and protects other confidential and sensitive information,” i.e. its website’s users data. d/e 9, ¶¶ 38–42. The Court draws all reasonable inferences in Plaintiff’s favor and finds that these facts plausibly suggest that Defendant CGB violated § 15(e). Therefore, the Court denies Defendant CGB’s motion to dismiss Plaintiff’s claim for violation of § 15(e). F. Plaintiff Sufficiently Alleges Entitlement to Statutory Damages. Defendant argues that the Court should strike Plaintiff’s request for statutory damages because he failed to allege intentional, reckless, or negligent conduct. BIPA provides that a plaintiff may recover statutory damages of $1,000 for negligent violations and $5,000 for intentional or reckless violations. 740 ILCS 14/20(1)–(2). Recovery of attorneys’ fees and costs and any “other relief, including an injunction,” the Court may deem proper, can also be awarded. 740 ILCS 14/20(3), (4). Plaintiff’s requests for liquidated damages are requests for a particular type of remedy should he prevail on his underlying BIPA claim. In fact, Plaintiff seeks other remedies authorized by BIPA in addition to liquidated damages: injunctive relief, reasonable attorneys’ fees and costs, and any other relief that the Court deems just and proper. d/e 9, ¶¶ 78, 88, 97, 109; Brandenburg v. Meridian Sr. Living, LLC, 564 F. Supp. 3d 627, 634 (C.D. Ill. Sept. 30, 2021) (“Once a plaintiff establishes a BIPA claim, which does not require a mental state allegation, he or she may then seek relief in the form of liquidated damages, litigation expenses, an injunction, or a combination of all three.”). Plaintiff does not need to plead facts showing Defendant’s mental state to state a claim for relief. Brandenburg, 564 F. Supp. 3d at 634 (“Rather, the question of mental state only arises when considering the type of relief available after a violation has been established.”). Defendant cites a hearing by the chancery division in the Circuit Court of Cook County, Illinois, Johnson v. Gold Standard Baking, Inc. et al., in which the court purportedly dismissed BIPA claims for statutory damages. d/e 18, pp. 5–6, Ex. 1. Illinois circuit court decisions are not binding on this Court. Instead, the Court finds that Plaintiff’s request for liquidated damages under BIPA are not separate claims but demands for relief governed by Federal Rule of Civil Procedure 8(a)(3). At the pleading stage, a plaintiff is not required to plead damages with particularity and only requires “a demand for the relief sought.” Fed. R. Civ. P. 8(a)(3). Plaintiff is not required to plead facts that show his entitlement to these precise forms of relief. See Sloat v. Camfil USA, Inc., No. 23 CV 5125, 2024 WL 1556268, at *4–5 (N.D. Ill. April 10, 2024) (adopting the majority approach and finding that the subsections in 740 ILCS 14/20 list separate forms of relief that do not need to be pled in the complaint). Therefore, the Court denies Defendant CGB’s motion to dismiss Plaintiff’s First Amended Complaint on the basis that Plaintiff failed to sufficiently allege Defendant’s state of mind. G. Plaintiff’s Claims Are Not Barred by Affirmative Defenses. Defendant argues that Plaintiff’s claims are barred by the doctrine of implied assumption of risk and implied consent. Defendant asserts that Plaintiff assumed “any attendant risk of harm from the use of the timekeeping system” and “impliedly consented to the alleged collection, storage, and dissemination of his alleged biometric [data] for timekeeping purposes” when Plaintiff chose to work at Defendant’s facilities. d/e 12, pp. 12–13. “Primary implied assumption of risk is an affirmative defense that arises where the plaintiff's conduct indicates that he has implicitly consented to encounter an inherent and known risk, thereby excusing another from a legal duty which would otherwise exist.” Edwards v. Lombardi, 1 N.E.3d 641, 646 (Ill. App. 2013) (quotation marks omitted). However, “assumption of the risk is not an available defense when a statute calls for strict liability.” Olle v. C House Corp., 967 N.E.2d 886, 890 (Ill. App. 2012). Furthermore, the doctrine will not bar recovery if the statutory language indicates that assumption of the risk is not available. Barthel v. Ill. Cent. Gulf R.R. Co., 384 N.E.2d 323, 326 (Ill. 1978). Because BIPA is a strict liability statute, the implied assumption of the risk defense is unavailable to BIPA defendants. Snider v. Heartland Beef, Inc., 479 F. Supp. 3d 762, 773 (C.D. Ill. 2020) (“Therefore, it appears that the BIPA imposes strict liability . . . and assumption of the risk would not be available as a defense.”). Moreover, BIPA’s statutory language makes clear that the assumption of risk defense is unavailable. Brandenburg, 564 F. Supp. 3d at 635 (BIPA’s requirement that private entities “provide written notice that they are collecting biometric information, their purposes for doing so, and how long they will be collecting the data . . . [and to] obtain informed consent from those whose data they are collecting . . . plainly appears to abrogate the doctrine of implied assumption of risk.”). Furthermore, the implied consent defense is equally unavailable to BIPA defendants. “The informed consent regime laid out in 740 ILCS 14/15(b) is the heart of BIPA” and “[t]he text of the statute demonstrates that its purpose is to ensure that consumers understand, before providing their biometric data, how that information will be used, who will have access to it, and for how long it will be retained.” Bryant v. Compass Group USA, Inc., 958 F.3d 617, 626 (7th Cir. 2020). BIPA’s statutory language explicitly requires private entities to obtain informed consent from those whose data they are collecting. See 740 ILCS 14/15(b). Therefore, the Court denies Defendant CGB’s motion to dismiss based on assumption of the risk and implied consent. H. Plaintiff’s Claim Is Not Barred by Laches. Lastly, Defendant argues that Plaintiff’s BIPA claims are barred by the doctrine of laches. Laches is an equitable doctrine that “cuts off the right to sue when the plaintiff has delayed ‘too long’ in suing.” Teamster & Emp'rs Welfare Trust of Ill. v. Gorman Bros. Ready Mix, 283 F.3d 877, 880 (7th Cir. 2002). It is an affirmative defense on which the asserting party bears the burden of proof. Safety Socket LLC v. Relli Tech., Inc., No. 18 C 6670, 2023 WL 3455117, at *3 (N.D. Ill. May 15, 2023) (citing Bauer v. J.B. Hunt Trans., Inc., 150 F.3d 759, 763 (7th Cir. 1998)). When the plaintiff’s pleadings admit all the facts that establish an affirmative defense, it provides a proper basis for a Rule 12(b)(6) motion. See Muhammad v. Oliver, 547 F.3d 874, 878 (7th Cir. 2008); Walker v. Thompson, 288 F.3d 1005, 1009–10 (7th Cir. 2002). Laches requires proof of two elements: (1) unreasonable delay and (2) prejudice to the other party. Teamster, 283 F.3d at 880. “[A] district court’s decision to apply the doctrine of laches is discretionary.” AutoZone, Inc. v. Strick, 543 F.3d 923, 934 (7th Cir. 2008) (citation omitted). Viewing the First Amended Complaint’s allegations in the light most favorable to Plaintiff, the Court finds that he has not demonstrated unreasonable delay. Rather, Plaintiff filed his claims within BIPA’s five-year statute of limitations period, see Tims v. Black Horse Carriers, Inc., 216 N.E.3d 845, 854 (Ill. 2023) (holding that a five-year limitation period applies to BIPA claims), and two years after he terminated his employment with Defendant CGB. Under these circumstances, the Court cannot conclude with certainty that Plaintiff’s delay in bringing this action was unreasonable. Defendant cites a hearing in the Circuit Court of Kane County, Illinois, Argueta v. Proven Partners Grp. LLP., in which the court purportedly dismissed BIPA claims on the basis of laches. d/e 12, p. 14, Ex. 1. Illinois circuit court decisions are not binding on this Court. Nevertheless, the facts of Argueta are distinguishable. The defendant in Argueta provided the plaintiff with written notice that defendant was collecting plaintiff’s biometric data and obtained her consent. In this case, however, Plaintiff alleges that Defendant neither provided notice nor obtained his consent to collect and use his biometric data. Because unreasonable delay is not apparent from the face of the First Amended Complaint, the Court denies Defendant CGB’s motion to dismiss based on laches. V. CONCLUSION For the reasons stated above, Defendant’s Motion to Dismiss (d/e 11) is DENIED. Because Plaintiff filed a First Amended Complaint (d/e 9), Defendant’s Motion to Dismiss (d/e 6) Plaintiff’s Complaint (d/e 1) is DENIED as MOOT. ENTERED: June 20, 2024. FOR THE COURT: /s/ Sue E. Myerscough SUE E. MYERSCOUGH UNITED STATES DISTRICT JUDGE
Document Info
Docket Number: 3:23-cv-03296
Filed Date: 6/20/2024
Precedential Status: Precedential
Modified Date: 6/21/2024