If you’re shopping at Home Depot, you might want to watch out for facial recognition at the check-out counter. Benjamin Jankowski, a resident of Chicago, Illinois, is taking Home Depot to court after spotting the hardware store’s self-checkout kiosks using facial recognition without customers’ consent.
The class action lawsuit, filed on August 1, claims that Home Depot is violating Illinois’ 2008 Biometric Information Privacy Act (BIPA), and asks the court for up to $5,000 in damages from Home Depot for every violation. Considering there are 76 Home Depot locations across Illinois, those fines could total well into the millions if Jankowski wins the case.
On June 22, Jankowski visited his local Home Depot in Chicago and had to use a self-checkout kiosk since no cashiers were available. While checking out, Jankowski noticed a camera and display above the kiosk, where his face was surrounded by a green box, a common sign of facial recognition. Jankowski took a photo of the display, noting that there were no signs or notices around the store to warn customers that Home Depot was collecting biometric data.
That goes against the requirements of the Biometric Information Privacy Act, which is designed to protect Illinois residents’ biometric data from collection and misuse by businesses. BIPA requires businesses to get written consent to collect or disclose biometric identifiers, destroy that biometric data at a certain point, and store it securely in the meantime.
A 2019 case, Rosenbach v. Six Flags, set the precedent for Illinoisans to sue companies just for unlawfully collecting their biometric data based on BIPA. In that case, a mother sued Six Flags for taking her son’s fingerprints without BIPA-compliant notice and consent. Even though Six Flags didn’t cause “actual injury” by misusing that biometric data in some way, the court still found that it committed a “technical violation” of BIPA worthy of awarding damages to Rosenbach.
That was a similar situation to what Jankowski is claiming happened during his visit to Home Depot. Both cases highlight the importance of getting people’s permission before even collecting their biometric data, regardless of how it’s used. Home Depot’s VP of Asset Protection, Scott Glenn, emphasized in a 2024 interview that the company’s use of computer vision is for security purposes, specifically stopping theft.
Even so, many people may be uncomfortable with their biometric data getting collected without their knowledge or permission. After all, if that data is somehow compromised, people have no way to change biometrics like you would change a stolen password. Of course, almost any store you go into these days could be collecting your biometric data, but as Jankowski’s case highlights, shoppers have a right (at least in Illinois) to get a fair warning about that data collection.
