The Chicago Cubs and their security partners are facing allegations of violating Illinois’ Biometric Information Privacy Act (BIPA) by collecting facial recognition data and other biometric identifiers from attendees at Wrigley Field without proper consent. An Illinois resident has filed a lawsuit claiming that the team unlawfully gathered this sensitive information from fans during games.
Under BIPA, organizations are required to obtain informed consent before collecting biometric data, such as facial scans or fingerprints, and must disclose the purpose and length of time for which the data will be collected and used. The act also mandates that entities establish and adhere to a publicly available retention schedule for destroying biometric information.
This lawsuit adds to a series of legal challenges faced by the Cubs concerning compliance with state and federal regulations. In July 2022, the U.S. Attorney’s Office for the Northern District of Illinois filed a lawsuit against the Cubs, alleging that renovations to Wrigley Field failed to meet the accessibility requirements of the Americans with Disabilities Act (ADA). The suit claimed that the team’s multi-year renovation project, known as the “1060 Project,” did not provide adequate accommodations for individuals with disabilities, particularly wheelchair users. ([justice.gov](https://www.justice.gov/usao-ndil/pr/us-attorney-s-office-files-suit-against-chicago-cubs-alleging-wrigley-field-renovations?utm_source=openai))
In October 2024, the Cubs reached a settlement with the U.S. Department of Justice to address these alleged ADA violations. The consent decree required the team to make several modifications to improve accessibility at Wrigley Field, including relocating wheelchair spaces to provide better views of the field and incorporating accessible seating into premium areas. ([justice.gov](https://www.justice.gov/usao-ndil/pr/justice-department-announces-settlement-and-consent-decree-chicago-cubs-over-alleged?utm_source=openai))
The recent BIPA lawsuit underscores the growing scrutiny over the use of biometric data by organizations and the importance of adhering to privacy laws designed to protect individuals’ sensitive information. Similar cases have resulted in substantial settlements; for instance, in February 2024, BNSF Railway agreed to pay $75 million to resolve a class-action lawsuit alleging violations of BIPA through the collection of fingerprint data without consent. ([reuters.com](https://www.reuters.com/legal/litigation/bnsf-railway-pay-75-mln-resolve-biometric-privacy-class-action-2024-02-27/?utm_source=openai))
As the legal landscape surrounding biometric data privacy continues to evolve, organizations are advised to review their data collection practices to ensure compliance with applicable laws and to avoid potential litigation.