Home Depot Sued Over Facial Recognition Technology

08/23/2025

This report details a recent legal challenge against Home Depot concerning its use of facial recognition technology in Illinois, focusing on privacy implications and relevant legal precedents. It explores the core accusations, the pertinent state law, and the potential ramifications for both consumers and businesses.

Your Face, Their Data? The Unseen Scrutiny at Self-Checkout

Legal Challenge Against Unconsented Biometric Collection

A recent class-action lawsuit has been initiated against Home Depot in Illinois, asserting that the company's self-checkout systems employ facial recognition technology without explicit customer approval. This legal action, filed by a Chicago resident, spotlights concerns regarding the collection of biometric data by retailers and the imperative for informed consent.

Illinois' Biometric Information Privacy Act (BIPA) and Its Mandates

The lawsuit contends that Home Depot's practices contravene the Illinois Biometric Information Privacy Act (BIPA) of 2008. This pivotal legislation is designed to safeguard the biometric information of Illinois citizens, stipulating that businesses must obtain written consent before gathering or sharing such data. Furthermore, BIPA dictates the secure storage and timely destruction of collected biometric identifiers.

The Incident: A Customer's Discovery and Subsequent Action

The plaintiff's discovery occurred during a visit to a Chicago Home Depot, where he observed a camera at a self-checkout kiosk displaying a green box around his face—a clear indicator of facial recognition in operation. Crucially, the customer noted the absence of any visible notices or signage informing patrons about the collection of their biometric data, which prompted the legal proceedings.

Precedent-Setting Rulings and Their Impact on Biometric Privacy

The current legal challenge draws parallels to the landmark 2019 case of Rosenbach v. Six Flags in Illinois. This case established that companies could be held liable for "technical violations" of BIPA, even if no direct harm resulted from the misuse of biometric data. This precedent empowers individuals to seek damages for the mere unauthorized collection of their biometric information, irrespective of subsequent misuse.

The Broader Implications of Unregulated Biometric Data Collection

While retailers like Home Depot may assert that such technologies are integral to security and loss prevention, the ongoing debate underscores a fundamental conflict between corporate surveillance and individual privacy rights. The inherent immutability of biometric data, unlike passwords or other changeable identifiers, amplifies the risks associated with its unauthorized collection and potential compromise, making transparency and consent paramount.