by LawInc Staff
October 12, 2024
As Mets fans gear up for Game 3 of the NLCS at Citi Field on October 16, 2024, they might be surprised to learn that the stadium is facing more than just the Dodgers—it’s also caught in the crosshairs of a class action lawsuit over biometric data collection.
As the Mets take the field, a whole new legal game is just beginning at Citi Field—here’s your first look at the class action lawsuit that could change the rules for fans and their privacy.
1. Understand the Basics of Biometric Privacy
-
- What are biometrics? Unique biological traits used to identify you, like your fingerprint, iris scan, facial geometry or voiceprint.
- What’s the concern? Biometrics can’t be changed if stolen or misused like a password or credit card number can.
- How are biometrics collected? Fingerprint scanners, facial recognition cameras, voice recordings and other technologies can capture your biometric data, often without you realizing.
- Why do companies want biometrics? Biometric data is valuable for security, marketing, analytics and sales. Some businesses collect and sell it for profit.
- Are there laws on biometric privacy? Several states and cities have passed laws restricting collection and use of biometric data, some allowing lawsuits for violations.
Real-World Examples
-
- Illinois’ Biometric Information Privacy Act (BIPA) allows individuals to sue for violations, sparking class actions against Facebook, Google, and Snapchat.
- Texas’ Capture or Use of Biometric Identifier Act (CUBI) empowers the state Attorney General to sue companies for improper biometric practices.
- Madison Square Garden faces a proposed class action under New York City’s biometric privacy law for using facial recognition on customers.
2. Learn About New York City’s Biometric Privacy Law
-
- Effective Date: NYC’s biometric privacy ordinance took effect on July 9, 2021.
- Key Prohibitions: Bans private entities from selling, leasing, trading, or sharing for anything of value or profit biometric identifier info collected from customers.
- What’s Covered: “Biometric identifier information” explicitly includes facial geometry and scans.
- Who Can Sue: The law gives individuals a private right of action to sue for $500 per negligent violation, $5,000 per intentional or reckless violation, plus attorneys’ fees. Courts weigh factors like the nature and number of violations to assess total damages.
- Notable Omissions: Unlike some other biometric laws like Illinois’ BIPA, NYC’s ordinance doesn’t require notice and consent before collection, only restricts downstream uses.
Key Takeaways:
-
- If your facial geometry was scanned at a NYC business and they sold or otherwise profited from that data, you likely have a claim under this law.
- Even if you consented to the initial collection, a company still can’t profit from your biometric info without facing potential liability.
- The statute of limitations is typically 1 year for negligent violations and 3 years for intentional ones. However, this may vary depending on court interpretations of “continuing violations.”
3. Analyze the Allegations Against Citi Field & the NY Mets
-
- The Accusations: The class action alleges Citi Field, owned by the NY Mets, has collected facial scans of over 100,000 visitors since 2021, then illegally shared and profited from that biometric data.
- How It Allegedly Works: The stadium has a facial recognition security system that scans fans upon entry, checks them against a database, and alerts staff if there’s a match.
- Basis of the Sharing/Profit Claims: The lawsuit claims that Citi Field shared the facial data with a third-party software provider and indirectly profited by reducing security costs and incorporating a “biometric premium” into ticket prices—arguments that remain to be tested in court.
- Proposed Class: All individuals who entered Citi Field since July 9, 2021 and had their biometric info collected by the facial recognition system.
- Damages Sought: Statutory penalties of $500-$5000 per person, compensatory damages, injunction barring further violations.
Case Insights
-
- Key issues will be (1) whether sharing facial scans with the software provider counts as a “sale” or “trade”, and (2) if the alleged savings and ticket price premium qualify as “profiting” from biometric data under the law – both novel questions for courts to decide.
- Stadium may argue that scans are for security only and not commercial gain, which could require courts to evaluate whether cost savings or other indirect benefits qualify as “profits” under the law.
- Plaintiffs face challenges in quantifying the alleged profits and premiums tied to the biometric data usage.
4. Examine the Causes of Action Alleged
The class action complaint asserts three main legal claims against Citi Field and its owners:
(1) Violation of NYC Admin Code § 22-1202(b) – Prohibits selling, leasing, trading, sharing or otherwise profiting from biometric identifier info collected from customers.
Elements:
- (A) Defendant is a commercial establishment;
- (B) Defendant collected “biometric identifier information” from Plaintiff (facial scans clearly qualify);
- (C) Defendant sold, leased, traded, shared or otherwise profited from the biometric identifier information it collected.
Remedies: $500 per negligent violation, $5000 per intentional or reckless violation, attorneys’ fees
(2) Violation of NY General Business Law § 349 – Bars deceptive business acts and practices
Elements:
- (A) Defendant engaged in a materially deceptive or misleading act or practice;
- (B) Defendant’s conduct was consumer-oriented;
- (C) Plaintiff was injured by Defendant’s conduct.
Remedies: Actual damages or $50, whichever is greater; treble damages up to $1000; injunctive relief; attorneys’ fees
(3) Unjust Enrichment – Allows restitution when defendant unfairly profits at plaintiff’s expense
Elements:
- (A) Defendant was enriched;
- (B) Enrichment was at Plaintiff’s expense;
- (C) Circumstances make it unjust for Defendant to retain the enrichment.
Remedies: Restitution of Defendant’s wrongful profits
Important Notes on the Claims:
-
- The NYC biometrics law claim is the lead cause of action, as it most directly addresses the alleged misconduct and provides for sizeable statutory damages.
- GBL § 349 serves as a fallback claim, premised on Citi Field deceiving consumers by not disclosing it was monetizing their biometric data – but has a lower $50 minimum recovery.
- Unjust enrichment operates as an equitable backstop to disgorge any profits Citi Field unlawfully obtained at customers’ expense, even if the statutory claims fail.
5. Consider the Potential Defenses & Challenges
-
- Standing: Citi Field may argue Plaintiffs lack concrete injury from mere collection and sharing of their facial data for security, absent misuse or theft.
- Security Exception: Stadium could assert scans fall under the law’s exemption for “security purposes,” not commercial gain – but must prove no direct or indirect profiting occurred, which the law prohibits.
- No Sale or Profit: Defendants may contend the third-party software provider is just an agent, not a separate entity, so no data “sale” transpired. And that alleged savings/premium are too attenuated to be statutory “profits” from sharing biometrics.
- Damages: Even if liability is established, calculating statutory damages based on violation type/number, indirect economic benefits, and alleged price inflation will be highly complex.
- Class Certification: Individualized issues in proving each member’s biometrics were collected, shared and caused compensable harm could make class certification an uphill battle.
Potential Counter-Arguments
-
- Many courts deem invasion of biometric privacy rights a concrete “injury-in-fact” without more, undercutting standing defenses.
- The security exemption likely won’t apply if Citi Field both collected the data for protection but also monetized it as a separate commercial purpose.
- Plaintiffs can argue any sharing of biometric data with a third party for commercial benefit, even if not a direct sale, violates the NYC law’s broad restriction on profiting.
- Statistical evidence and expert analysis should be able to reasonably estimate the profits and economic advantages Citi Field derived from its alleged biometric data practices.
- Courts often find class treatment proper in statutory privacy actions where the core liability questions are common to all class members.
6. Understand the Case’s Implications & Next Steps
-
- Cutting-Edge Issues: Case raises novel questions about the scope of biometric privacy rights and what counts as unlawful profiting from such data that will shape future litigation and compliance.
- Warning to Businesses: Lawsuit puts companies on notice that covert biometric collection and sharing, even if ostensibly for security, may trigger liability if they derive economic benefits from the practice.
- More Suits to Come: As facial recognition and other biometric tech proliferates, we’ll likely see a surge of class actions under the NYC ordinance and other privacy laws.
- Legislative Reactions: Case could spur calls to strengthen the NYC law to require notice and consent for collection in the first place, not just restrict downstream profiteering uses.
- Pending Motions & Defenses: Citi Field will likely move to compel arbitration if ticketholders signed arbitration clauses, or to dismiss for failure to state a claim – arguing the security and no-profit defenses noted above.
Key Takeaways
-
- This landmark case is a major test of New York’s biometric law and could trigger a wave of similar lawsuits. The stakes are high—not just for Citi Field, but for any business using biometric tech.
- Businesses that deploy facial recognition and other biometric tools, even for security purposes, face substantial risks if they directly or indirectly profit from the data collected.
- Regardless of the outcome, more lawsuits and legislative proposals regulating biometric technologies are sure to follow in the case’s wake.
Conclusion
The Citi Field class action shines a spotlight on the growing tensions between biometric security screenings and personal privacy rights. As facial recognition and similar surveillance technologies become widespread at venues, operators must ensure they do not unlawfully exploit the vast amounts of sensitive biometric data collected for commercial purposes.
This groundbreaking lawsuit seeks to vindicate the privacy interests of potentially millions of individuals who have unwittingly had their facial geometry scanned and allegedly monetized by stadium proprietors. The case will test the reach and limits of NYC’s trailblazing biometric protection law, setting critical precedents for the many battles over our biometric identities to come.
Fans, businesses, policymakers and privacy advocates alike should follow this action closely, as it will help define the rules of the road for balancing biometric-based security with personal privacy in an age of ever-expansive surveillance. The days of surreptitiously profiting from patrons’ faces may be numbered as more of the public becomes attuned to, and asserts, their biometric privacy rights.
Test Your Biometric & Citi Field Class Action Knowledge
Questions:
- True or False: Biometric data includes a person’s fingerprints, facial geometry, voice print and DNA profile.
- Which NYC law is the main basis for the class action’s claims against Citi Field?
(A) NY Biometric Information Privacy Act
(B) NYC Biometrics Privacy Ordinance
(C) Stop Biometric Surveillance by Private Entities Act
(D) NY Uniform Biometric Standards Law - How can companies violate NYC’s biometric law?
(A) Failing to obtain written consent before capturing biometric data
(B) Not posting notices about biometric collection at business entrance
(C) Selling, sharing or profiting from biometric data collected from customers
(D) Retaining biometric information for longer than 1 year - What is the main allegation against Citi Field in the lawsuit?
(A) Failure to notify visitors facial recognition was in use
(B) Illegally sharing facial data collected for security with a third party software provider and indirectly profiting from it
(C) Using biometric systems with high error rates
(D) Failing to obtain consent before scanning fans’ faces - How much are the potential statutory damages under the NYC biometric law?
(A) $500 per negligent violation, $5,000 per intentional violation
(B) $1,000 per violation whether negligent or intentional
(C) Actual damages proved with no statutory amount
(D) $10,000 per intentional violation only
Answers:
- True. Common biometric identifiers include fingerprints, facial or hand geometry, voiceprints, iris scans, and DNA.
- B. The New York City Biometrics Privacy Ordinance, Local Law 3 of 2021, is the key law at issue.
- C. The NYC ordinance prohibits selling, leasing, trading, or sharing for profit biometric data collected from customers.
- B. The core claim is that Citi Field unlawfully shared facial data collected for security with a software provider and indirectly profited from it.
- A. The law allows $500 in damages for negligent violations, $5,000 for intentional or reckless ones, plus attorneys’ fees.
Need Legal Help?
If you need legal assistance, in any field of law, our free concierge service can connect you with experienced attorneys in any practice area and state. Contact us to learn more.
Also See
Bandage Betrayal: CVS Sued for “Forever Chemicals” in Bandages
Taken for a Ride: Parents Can’t Sue Uber Over Crash After Daughter’s Uber Eats Order
The $6,200 College Conspiracy: How Top Schools Allegedly Colluded to Inflate Tuition
Follow LawInc on Instagram
View this post on Instagram