Security News > 2021 > June > Six Flags to Pay $36M Over Collection of Fingerprints
Theme park operator Six Flags has agreed to pay $36 million to settle a class-action lawsuit over its acquisition of the fingerprint data of visitors to its theme parks.
The Illinois Supreme Court ruled in the case Rosenbach v. Six Flags that collecting biometric data at premises' gates by scanning fingerprints of people who enter the company's theme park violates Illinois Biometric Information Privacy Act.
The case involved a mother, Stacy Rosenbach, who in 2016 sued Six Flags Entertainment Corp. after the Gurnee, Illinois, branch of the theme park scanned the fingerprint of her 14-year-old son Alex without obtaining written consent and without properly disclosing the company's business practices as to how they would use the data.
After passing through lower courts, the case made it to the Illinois Supreme Court, where Six Flags filed a motion to dismiss the case, claiming that Rosenbach was not an "Aggrieved party" according to the BIPA because she had not proven an actual injury under the law.
Mediation between the parties occurred, after which they agreed to a settlement that entitles anyone who first had their finger scanned by Six Flags Great America when entering the park between October 1, 2013, and April 30, 2016, to receive up to $200. People who first had their finger scanned when entering the park between May 1, 2016, and December 31, 2018, could receive up to $60. The case is not the first time the BIPA has been cited by a lawsuit aiming to limit a company's collection of biometric data, which in and of itself has been a hotbed of controversy for its privacy implications.
One privacy organization backed Rosenbach's case against Six Flags with a legal brief called an amicus to lend support for its position against the collection of biometric data by amusement parks.
News URL
https://threatpost.com/six-flags-to-pay-36m-over-collection-of-fingerprints/167103/