Insurtech Lemonade has agreed to pay $4 million to settle a class action lawsuit claiming that it unlawfully collected and stored the biometric information of its customers through its software.
The New York-based company has also agreed to delete all of the biometric identifiers it has collected, including retina scans, fingerprints, voiceprints, and scans of faces or hands. It said it stopped collecting such information in May 2021, after the suit was filed.
The plaintiffs had accused Lemonade of collecting the information from customers who provided a first notice of loss (FNOL) through a video claim submission.
The plaintiffs alleged that the insurer’s collection of such data without notifying its customers was in violation of the Illinois Biometric Information Privacy Act (BIPA), as well as New York, California, and other state laws and common law. Lemonade denied the allegations, and stipulates that its agreement to the settlement is not an admission of guilt.
BIPA, which was established in 2008, regulates the collection, use and handling of biometric identifiers by private companies, and allows for private citizens to sue companies that break the law.
For the purposes of the settlement, two sub-classes have been created, one for residents of Illinois, and the other for all other residents of the United States. The classes include all Lemonade customers who provided FNOL through a video claim submission between June 25, 2019 and May 27, 2021.
Under the terms of the settlement, 75% of the fund will be divided among the members of the Illinois sub-class, and 25% among the U.S. sub-class.
The preliminary settlement agreement was filed in the Circuit Court of the 18th Judicial Circuit in DuPage County, Illinois on May 17. A hearing to consider the fairness of the settlement has been scheduled for August 25, after which it may become final.
“The terms of the Settlement Agreement are preliminarily approved as fair, reasonable and adequate,” the court wrote. “There is good cause to find that the Settlement Agreement was negotiated at arm’s length between the parties, who were represented by experienced counsel.”
In the lawsuit, Clarke v. Lemonade, plaintiffs claimed that, between June 25, 2019 and May 27, 2021, Lemonade “collected, captured, received, or otherwise obtained and/or stored the biometric identifiers and biometric information (collectively, ‘biometric information’) of Plaintiffs and all other members of the Settlement Class … without obtaining informed written consent or providing the data retention and destruction policies to consumers,” according to the agreement.
The plaintiffs said the collection violated the Illinois Consumer Fraud and Deceptive Practices Act, the California Unfair Competition Law, and the California Business & Profession Code, as well as “other state consumer protection statutes, and other common-law duties,” the settlement states.
In the settlement, the plaintiffs acknowledged that some of the factual and legal defenses Lemonade was prepared to present “presented a risk that Plaintiffs may not prevail.” For its part, the insurer said it settled the case only “to avoid the expenditure of further legal fees and costs.”
“At all times, Lemonade has denied and continues to deny any wrongdoing whatsoever, denies that it committed, or threatened or attempted to commit, any wrongful act or violation of law or duty alleged in the [class] Action, and denies that certification of a litigation class is necessary or proper,” the agreement reads.
According to the agreement, representatives of Lemonade and the plaintiffs agreed to participate in private mediation in an attempt to resolve the case. They participated in a full day of mediation on Jan. 25 and then met again on March 18, when they confirmed the terms of a settlement.
A biometric retina scan. (D-Keine/iStock)