
Lawsuit Against Home Depot Reveals Checkout Line You Didn’t Face Consent For

A shopper at a Home Depot in Chicago, Benjamin Jankowski, has initiated a class action lawsuit. It came about after he observed the store’s self-checkout kiosks employing facial recognition technology without first obtaining customer consent. The suit alleges that the home improvement retailer is in direct violation of a stringent state privacy law. Do Jankowski’s observation and the legal challenge it creates against the major national retailer hold any weight?

This Home Depot Project Requires Your Face

Formally filed on August 1, the lawsuit contends that Home Depot has breached the Illinois Biometric Information Privacy Act (BIPA), a pioneering piece of legislation enacted in 2008. The suit seeks statutory damages of up to $5,000 for each violation of the act. A total of 76 Home Depot locations operate throughout the state of Illinois, meaning that the company’s potential financial liability could escalate. Specifically, the suit could require the company to spend millions of dollars if the court rules in the plaintiff’s favor.

The incident occurred on June 22, when Jankowski visited a Chicago Home Depot location and found himself directed to a self-checkout station due to a lack of open cashier lanes. During his transaction, he observed a camera and a display screen mounted above the kiosk, which prominently featured a green box outlining his own face, an indicator commonly associated with active facial recognition software. Jankowski immediately took a photograph to document the scene.

Additionally, he made a mental note that the store had provided no warning to consumers about the technology. In fact, there was no statement, whether through posted signage or verbal notice, that their biometric identifiers were being captured and stored. Due to this alleged failure, customers were never informed about the measure, nor was their written permission obtained, which directly contravenes the core requirements of BIPA. According to the law, private entities are mandated to complete three actions:

  • Develop a publicly available policy establishing a retention schedule for the destruction of biometric data
  • Secure that data with a reasonable standard of care
  • Obtain a written release from individuals before collecting or disclosing their biometric identifiers

Their Self-Checkout Gave Him a New Face-Lawsuit


The 2019 Illinois Supreme Court ruling in the case of Rosenbach v. Six Flags Entertainment Corp. was a pivotal moment in strengthening this legal position. In that instance, the court determined that a mere technical violation of BIPA’s statutory procedures was sufficient to constitute an actual injury, even without any further misuse of the data. In that particular case, collecting a minor’s fingerprint without informed consent was more than enough to get the conviction. If the situation Jankowski describes is true, it presents a direct parallel that raises the same fundamental questions about corporate responsibility and consumer privacy that Home Depot may have to answer.

Consequently, both cases highlight a critical legal principle under Illinois law that may not cause issues for the giant. Namely, a company’s intent or actual use of the data is less important than its failure to follow the strict protocols of informed consent and disclosure before collection occurs. Home Depot’s Vice President of Asset Protection, Scott Glenn, publicly emphasized the company’s use of computer vision technology in a 2024 interview. He stated that it is deployed primarily for security and loss prevention objectives. So, why then does the company’s stated goal of preventing theft legally justify bypassing the requirement for customer consent?

The growing public concern over the silent and passive collection of highly sensitive personal information will overshadow this case, and possibly for good reason. A compromised password or credit card number is one thing, as it can be changed if stolen or misused. However, an individual’s biometric data, such as their facial geometry, is intrinsically unique and permanent. Ultimately, the use of surveillance technology is becoming more commonplace in retail environments. Therefore, for Home Depot shoppers in Illinois, this lawsuit assures their right to be clearly notified about such practices and to have the choice to consent, as it protects biometric data from being captured.
