What happens next
Procedurally, here’s the likely path:
- Initial response:Home Depot may move to dismiss, arguing (for example) that the tech didn’t create biometric identifiers, that any vendor—not the retailer—controlled data, or that signage and store policies satisfied BIPA.
- Discovery:Emails, vendor contracts, kiosk specs, configuration files, retention settings, and internal policies become crucial. Who stored the data? For how long? Was it ever shared?
- Class certification:The court will decide whether common questions for all Illinois shoppers predominate over individual issues, a make-or-break moment in BIPA litigation.
- Merits or settlement pressure:If the case survives, statutory damages math and litigation costs can drive negotiations.
As a legal analyst, these are the elicitation-style specifics I’d push for—answers here usually separate allegation from liability:
- Exact functionality:Was the system configured for facial recognition (identity) or face analytics (patterns), and were templates stored?
- Data trail:What logs, hashes, or templates exist per shopper? Where are they stored, and for how long?
- Written artifacts:Where is the public retention/destruction policy and the written consent workflow? If consent was embedded in signage, what did it say and where was it posted?
- Vendor role:Which third-party platforms were involved? Who trained the models, who controlled retention, and what did the service contracts promise about deletion and sharing?
- Scope & timeframe:Which Illinois stores, which kiosks, and since when? Precision here affects class size and exposure.
For Illinois shoppers:
If you used self-checkout at a Home Depot in Illinois, BIPA gives you concrete rights. In practice, that means:
