Contrary to what the title suggests, Popeyes has not defeated the biometric privacy lawsuit filed by its employees. As of March 2026, the case remains pending in federal court. In 2019, Popeyes implemented a fingerprint scanning system for employee timekeeping without obtaining the written consent required by Illinois law, prompting former employee Latoya Roberts to file a class action lawsuit on behalf of all affected workers. The case, filed in Cook County Circuit Court in 2021 and later removed to federal court, seeks statutory damages and compliance with the Illinois Biometric Information Privacy Act (BIPA).
This article explains what actually happened with the lawsuit, the status of the case, and what it means for employees who were forced to provide their biometric data without proper authorization. The distinction between a lawsuit being pending and defeated is critical for anyone considering their rights or compensation options. Many consumers see headlines about major companies and assume outcomes without checking the current status. This lawsuit remains active litigation, and employees affected by the fingerprint scanning requirement may still have claims available to them depending on how the case resolves.
Table of Contents
- What Was Popeyes’ Biometric Privacy Violation?
- When Was the Case Removed to Federal Court and What’s the Current Status?
- What is the Illinois Biometric Information Privacy Act (BIPA)?
- How Did the August 2024 BIPA Amendment Change the Game?
- What Rights Do Employees Have in a Pending BIPA Lawsuit?
- How Does This Compare to Other Biometric Privacy Cases?
- What Should Employees Do Now?
- Frequently Asked Questions
What Was Popeyes’ Biometric Privacy Violation?
From approximately September 2019 to January 2020, Popeyes Louisiana Kitchen required employees to scan their fingerprints as part of the timekeeping system. The company did not provide written consent forms, did not disclose in writing that it was collecting biometric data, and did not maintain data retention or destruction policies as required by Illinois law. This is fundamentally different from voluntary biometric systems where employees knowingly opt in—Popeyes made it mandatory without the legal safeguards.
The lawsuit was brought by Latoya Roberts and filed against Restaurant Brands International Inc. and Popeyes Louisiana Kitchen, Inc., seeking relief not just for her, but for the entire class of employees affected during that period. The alleged violations included collecting biometric information without written notice, failing to obtain written consent, and breaching the data protection requirements embedded in BIPA. Each fingerprint scan during that timeframe potentially constituted a separate violation.
When Was the Case Removed to Federal Court and What’s the Current Status?
The original case, numbered 2021CH00353, was filed in Cook County Circuit Court, Illinois. On March 4, 2021, the defendant companies removed the case to federal court, which is a common procedural move when federal law is involved. As of March 2026, no public records indicate that Popeyes has won dismissal of the case, achieved summary judgment in its favor, or that the case has been decided against the employees.
The litigation remains active and pending resolution. However, if you’ve seen recent news claiming otherwise, it’s worth verifying against official court records, as lawsuits can settle confidentially and news coverage sometimes lags behind court filings. The multi-year timeline reflects the reality of biometric privacy litigation—these cases often take years to resolve, either through settlement negotiations or court decisions. During this time, legal standards have actually shifted in ways that could affect both the plaintiffs’ and defendant’s positions, which brings us to a significant development in 2024.
What is the Illinois Biometric Information Privacy Act (BIPA)?
Illinois Biometric Information Privacy Act is one of the strictest state-level biometric privacy laws in the United States. BIPA requires that before collecting biometric information—which includes fingerprints, iris scans, facial recognition, and voiceprints—companies must provide written notice and obtain written consent. Companies must also disclose how the biometric data will be used, how long it will be stored, and how it will be destroyed. The law imposes statutory damages of $1,000 to $5,000 per violation per person, which can add up quickly when a class of employees is involved and fingerprints were scanned repeatedly over months.
What makes BIPA powerful compared to other privacy laws is that it allows individuals to sue directly without proving actual harm. You don’t have to show that your fingerprint was stolen or misused—the violation itself, the failure to get written consent, is the injury. This is why companies take BIPA violations seriously, and why Popeyes’ implementation without proper consent created significant legal exposure. However, a 2024 amendment modified these damages calculations, which affects how much potential recovery looks like for the employees in this case.
How Did the August 2024 BIPA Amendment Change the Game?
In August 2024, Illinois modified BIPA to cap damages for certain violations. Previously, each fingerprint scan without consent could be a separate violation, potentially resulting in damages multiplying across hundreds of scans. Under the amendment, damages for notice-and-consent violations are now limited to $5,000 per person, with only one violation per person per company, regardless of how many times the biometric data was collected. For Popeyes employees, this means that instead of $1,000 to $5,000 multiplied by the number of fingerprint scans each person provided, the recovery is now capped at a single $5,000 per person payment.
This is a significant shift that affects both sides of the litigation. For employees, it reduces the theoretical maximum recovery but may also make settlement more attractive to the company, potentially bringing resolution closer. For Popeyes, it reduced their potential liability but doesn’t eliminate it. The amendment applies to violations occurring after its effective date, but there are ongoing legal questions about whether it applies retroactively to violations that occurred in 2019–2020. This uncertainty could influence settlement negotiations or court decisions.
What Rights Do Employees Have in a Pending BIPA Lawsuit?
If you were required to scan your fingerprint at Popeyes during the September 2019 to January 2020 period, you are potentially part of the class in this lawsuit. This means you may have a claim for damages without having to file your own separate lawsuit—the class action lawsuit represents your interests. Class members typically don’t have to do anything until the case settles or is decided; then the settlement administrator or court notifies you of your rights and how to file a claim.
One important limitation: if Popeyes and the plaintiff’s attorneys reach a settlement, the terms of that settlement will determine what you’re eligible to receive. Settlement amounts vary widely—they might be a fixed amount per person, or the total fund might be divided based on the number of scans each person provided. It’s also possible that the case could go to trial and a jury could decide the outcome, though most employment class actions settle. If you believe you were affected and want to monitor this case, you can search for case updates using the case number (2021CH00353) or monitor settlement notice websites.
How Does This Compare to Other Biometric Privacy Cases?
Biometric privacy lawsuits have exploded over the past five years, with cases involving fingerprints, facial recognition, and even voice analysis. Some of the largest settlements in biometric privacy litigation have exceeded $100 million, though the Popeyes case—which involves a single company and a limited class of employees over a specific four-month period—is more modest in scope.
Other notable BIPA cases have involved security and technology companies, not food service, which means there’s less existing precedent specifically for restaurant employee biometric scanning. However, the fundamental legal principle is the same across all BIPA cases: collection without written consent is a violation. The difference in the Popeyes case is scale—it’s a smaller class (restaurant employees at a specific company rather than millions of users nationwide) and a limited timeframe (four months rather than years), which affects both the potential total damages and the likelihood of different resolution paths.
What Should Employees Do Now?
If you worked at Popeyes and were required to provide a fingerprint scan between September 2019 and January 2020, keep documentation of your employment dates. You may receive a notice about the settlement or court decision; if you do, read it carefully to understand your claims process and deadline.
Class action settlements typically have claim deadlines, and missing them means you lose your right to recovery. The litigation landscape around biometric privacy continues to evolve, with more states considering laws similar to BIPA and courts still working out how to interpret and apply these statutes. The Popeyes case represents an important example of employer overreach with biometric data collection, and its eventual resolution—whether through settlement or judgment—will add to the body of law protecting employees’ privacy rights.
Frequently Asked Questions
What is considered biometric information under BIPA?
Biometric information includes fingerprints, iris or retina scans, voice prints, facial recognition, and any other unique biological or physiological measurement used to identify individuals. Popeyes’ use of fingerprint scanning for timekeeping falls squarely into this definition.
Do I have to be employed by Popeyes right now to be part of the class action?
No. The lawsuit covers anyone who was a current or former employee of Popeyes and was required to provide a fingerprint scan during the September 2019 to January 2020 period, regardless of whether you still work there.
How much money could I receive from this lawsuit?
Under the amended BIPA law, damages are capped at $5,000 per person for notice-and-consent violations. The actual amount you receive in a settlement will depend on the settlement terms, which may be a flat amount per person or calculated based on how many fingerprint scans you provided.
What’s the difference between the original lawsuit amount and the current damages cap?
Originally, each fingerprint scan without consent could be counted as a separate violation, potentially totaling thousands of dollars per person. The August 2024 amendment reduced this to a single $5,000 violation per person per company, significantly lowering potential recovery but also potentially making settlement more likely.
What should I do if I haven’t heard about this lawsuit yet?
Document your employment dates at Popeyes, particularly if you worked there between September and January 2020. When a settlement is reached or the case is decided, a settlement administrator will likely attempt to contact known class members via mail or email. You can also search the case number (2021CH00353) online to monitor updates.
Will this case ever go to trial or will it definitely settle?
That’s unknown. Many employment class actions settle before trial, but settlement isn’t guaranteed. If Popeyes and the plaintiffs can’t agree on settlement terms, the case could go to trial where a jury would decide. Both sides have incentives to settle given the uncertain outcome and legal costs.
You Might Also Like
- Harriet Carter Gifts Defeats Wiretapping Lawsuit Over Website Tracking
- Standards Home Health Data Breach Prompts Lawsuit Investigation
- Social Media Companies Face Growing Legal Pressure Over Youth Addiction
Open Settlements You Can Claim Now
Browse current class action settlements accepting claims — several require no proof of purchase: