A putative class action lawsuit alleging violation of Illinois’ Biometric Information Privacy Act can be heard in federal court, rather than in more plaintiff-friendly state court, said a federal appeals court Tuesday, in overturning a lower court ruling.

The 7th U.S. Circuit Court of Appeals in Chicago held that the invasion of personal rights alleged in the lawsuit was an injury that was “both concrete and particularized” and therefore could be heard in federal court, according to the ruling in Christine Bryant v. Compass Group USA Inc.

The lawsuit was filed by Christine Bryant, a call center employee whose company had installed Smart Market vending machines owned and operated by Charlotte, North Carolina-based Compass Group USA Inc. The machines did not accept cash, and users had to establish an account using their fingerprints instead. 

Among Ms. Bryant’s allegations was that, in violation of the Illinois biometric law, Compass never informed Ms. Bryant in writing that her biometric identifier, in this case her fingerprints, was being collected and stored.

Ms. Bryant filed suit against Compass in state court in August 2019. Compass had the case removed to U.S. Distinct Court in Chicago, which held that Compass’ “bare procedural violations” did not cause concrete harm to Ms. Bryant, and remanded the action back to state court.

That ruling was overturned by a unanimous three-judge appeals court panel. The company’s failure to inform Ms. Bryant it was collecting her biometric information means she suffered “the kind of injury-in-fact that supports” standing under Article III of the Constitution, it said. 

The ruling cited the U.S. Supreme Court’s 2016 in Spokeo v. Robins, in which said plaintiffs must show evidence of “concrete” injury to successfully file suit in federal court.

In this case, Ms. Bryant asserted a violation of her own rights, “and that is enough to show injury-in-fact without further tangible consequences.  This was no bare procedural violation; it was an invasion of her private domain, much like an act of trespass would be,” said the ruling.

“Compass withheld substantive information to which Bryant was entitled and thereby deprived her of the ability to give the informed consent” the Illinois biometrics law mandates, it said.

By failing to obtain Ms. Bryant’s consent, Compass “inflicted the concrete injury BIPA intended to protect against, i.e. a consumer’s loss of the power and ability to make informed decisions about the collection, storage, and use of her biometric information,” said the ruling in reversing the lower court’s ruling and remanding the case for further proceedings.

Attorneys in the case did not respond to a request for comment.

Experts say policyholders should talk to their brokers and insurers to better understand exactly how biometrics-related exposures are treated under their insurance programs.