Recently, in Ricardo Vigil, et al. v. Take-Two Interactive Software, Inc., 2017 U.S. Dist. LEXIS 12295 (S.D.N.Y. Jan. 2017), the U.S. District Court for the Southern District of New York dismissed plaintiff’s putative class action under the Illinois Biometric Information Privacy Act, 740 Ill. Comp. Stat. 14/1 et seq. (“BIPA”) against Take-Two Interactive Software, Inc. (“Take-Two”). The Southern District turned away the putative class action for lack of standing and for failure to allege sufficient actual harm under Spokeo, Inc. v. Robins, 136 S. Ct. 1540, 194 L. Ed. 2d 635 (2016), a decision that is fast becoming one of the most important decisions in recent history in reducing the amount of harassing class-action litigation based on spurious and ill-founded allegations of harm under regulatory statutes. As the Supreme Court said in Spokeo, “Congress’ role in identifying and elevating intangible harms does not mean that a plaintiff automatically satisfies the injury-in-fact requirement whenever a statute grants a person a statutory right and purports to authorize that person to sue to vindicate that right. Article III standing requires a concrete injury even in the context of a statutory violation.” Accordingly, courts are striking down causes of action which do not allege sufficient harm.
In the Take-Two case, plaintiff siblings claimed that Take-Two illegally used their face scans (which plaintiffs used to create personalized virtual basketball players for in-game play in Take-Two’s online game NBA2K15) in violation of the Illinois BIPA. Specifically, they alleged a violation of BIPA when Take-Two indefinitely stored the biometric information it collects through the face scans on its servers, and when Take-Two transmitted unencrypted biometric information through the “open commercial internet.” Plaintiffs also alleged that Take-Two had failed to provide them with proper notice in writing that their scans would be collected and failed to explain the purposes and length of time of the data collection. Finally, the plaintiffs alleged that TakeTwo failed to safely transmit their biometric data in accordance with the BIPA’s provisions.
In a 51-page decision, the Court carefully parsed through the various “technical violations” of the BIPA alleged by plaintiffs. Citing to Spokeo and Strubel v. Comenity Bank, 842 F.3d 181 (2d Cir. 2016), the Court found that “[t]he purported violations of the BIPA are, at best, marginal, and the plaintiffs lack standing to pursue their claims for the alleged bare procedural violations of the BIPA.” Furthermore, the Court found that “the actual notice and consent in this case, and that purportedly required by the BIPA, does not rise to more than a procedural violation, which is plainly insufficient for standing under Spokeo and Strubel.” Accordingly, the court concluded that the plaintiffs had failed to allege an injury that could support a cause of action under BIPA and dismissed the action with prejudice for lack of standing and for failure to state a claim. The Court found it unnecessary to reach plaintiffs’ alternative class action allegations and the Plaintiffs have appealed.
Practice Tip: In addition to the already stringent requirements of Rule 23 of the Federal Rules of Civil Procedure, the Spokeo decision is proving to be another major obstacle to plaintiffs’ class action lawyers and should be made part of the defense lawyer’s arsenal when such putative claims are filed. –