An Alabama district court recently granted dismissal of a class action asserting Illinois Biometric Information Privacy Act (“BIPA”) claims brought by Illinois residents against ProctorU, Inc. in Thakkar v. ProctorU Inc., No. 2:21-cv-01565 (N.D. Ala.).  The district court concluded that a choice-of-law provision contained in the terms of service and which required the application of Alabama law precluded the application of BIPA to the conduct alleged.

In Thakkar, plaintiffs alleged that ProctorU—a company that develops, owns, and operates an online proctoring software that provides remote proctoring services—collected, stored, and used biometric data, specifically facial geometry, of test takers who used their software.  Plaintiffs, all students who were also Illinois residents, used ProctorU while taking online examinations.  Plaintiffs alleged that ProctorU violated BIPA by not having consent to capture, store, or use their biometric data and by continuing to retain their biometric data beyond its intended use.  The case was initially brought in an Illinois federal district court before being transferred to Alabama based on a forum selection clause in the terms of the service.

The Alabama district court concluded that the choice-of-law provision, requiring the application of Alabama law, barred the BIPA claims brought in Thakkar

The court concluded that the BIPA claims were governed by the choice-of-law provision in the terms of service.  Plaintiffs argued that the choice-of-law provision only applied to claims arising out of or based on the terms of service, and not to those based on actual services rendered.     The district court rejected these “line drawing” arguments.  The court found that the claims arose out of both ProctorU’s actual rendered services and the terms of service where: (1) ProctorU’s services are subject to the separate ProctorU privacy policy; and (2) this privacy policy, which was implicated by the claims, was expressly incorporated into the governing terms of services.  The court further rejected Plaintiffs’ arguments that the choice-of-law provision did not apply because the BIPA claims were statutory torts, which would evade the application of a choice-of-law provision in certain jurisdictions.  The court found that the BIPA claims were within the scope of the choice-of-law provision, that Alabama law therefore governed, and that the claims should be dismissed because it was not actionable under Alabama law.

Tags: BIPA, Data Privacy, Eleventh Circuit, Litigation, privacy, technology
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kathryn Cahoy Kathryn Cahoy

Kate Cahoy co-chairs the firm’s Class Actions Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. She defends clients in complex, high-stakes class action disputes and has achieved significant victories across various industries, including technology, entertainment, consumer…

Kate Cahoy co-chairs the firm’s Class Actions Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. She defends clients in complex, high-stakes class action disputes and has achieved significant victories across various industries, including technology, entertainment, consumer products, and financial services. Kate has also played a key role in developing the firm’s mass arbitration defense practice. She regularly advises companies on the risks associated with mass arbitration and has a proven track record of successfully defending clients against these challenges.

Leveraging her success in class action litigation and arbitration, Kate helps clients develop strategic and innovative solutions to their most challenging legal issues. She has extensive experience litigating cases brought under California’s Section 17200 and other consumer protection, competition, and privacy laws, including the Sherman Act, California Consumer Privacy Act (CCPA), California Invasion of Privacy Act (CIPA), Wiretap Act, Stored Communications Act, Children’s Online Privacy Protection Act (COPPA), Video Privacy Protection Act (VPPA), along with common law and constitutional rights of privacy, among others.

Recent Successes:

Represented Meta (formerly Facebook) in a putative nationwide advertiser class action alleging violations under the California Unfair Competition Law (UCL) related to charges from allegedly “fake” accounts. Successfully narrowed claims at the pleadings stage, defeated class certification, opposed a Rule 23(f) petition, won summary judgment, and defended the victory on appeal to the Ninth Circuit. The Daily Journal selected Covington’s defense of Meta as one of its 2021 Top Verdicts, and Law.com recognized Kate as a Litigator of the Week Shoutout.
Defeated a landmark class action lawsuit against Microsoft and OpenAI contending that the defendants scraped data from the internet for training generative AI services and incorporated data from users’ prompts, allegedly in violation of CIPA, the Computer Fraud and Abuse Act (CFAA), and other privacy and consumer protection laws.

Kate regularly contributes to the firm’s blog, Inside Class Actions, and was recently featured in a Litigation Daily interview titled “Where Privacy Laws and Litigation Trends Collide.” In recognition of her achievements in privacy and antitrust class action litigation, the Daily Journal named her as one of their Top Antitrust Lawyers (2024), Top Cyber Lawyers (2022), and Top Women Lawyers in California (2023). Additionally, she received the Women of Influence award from the Silicon Valley Business Journal and was recognized by Daily Journal as a Top Attorney Under 40.

Read more about Kathryn CahoyEmail
Show more Show less