BeautyVault Security
Case Studies

Enforcement in Practice

Real cases. Real penalties. The same data your clients trust you with every day.

Case Study 01

Clearview AI

$51.75 Million Settlement
2025
What happened

Clearview AI built a facial recognition database by scraping billions of images from the internet without user knowledge or consent. The company stored and sold access to this biometric data to law enforcement and private companies.

The violation

No written consent. No disclosure to individuals. No published data retention policy. All requirements under Illinois BIPA.

The outcome

A federal judge granted final approval to a $51.75 million class action settlement in March 2025.

The parallel

Visia scans, Observ imaging, and before-and-after photography capture facial geometry. Without a BIPA-compliant written consent form before collection, your practice carries the same exposure category — regardless of size.

Case Study 02

Speedway

$12.1 Million Settlement
2025
What happened

Speedway used a fingerprint-based timekeeping system for employees across its locations. The system collected biometric data every time an employee clocked in or out.

The violation

Speedway failed to provide proper BIPA notice and obtain written consent before collecting fingerprint data. Litigation ran for eight years before resolution.

The outcome

A $12.1 million settlement was approved by a federal court in October 2025.

The parallel

If your practice uses any biometric system — including staff timekeeping, client check-in, or skin analysis devices — the same notice and consent requirements apply. The technology is not the liability. The missing paperwork is.

Case Study 03

Viakable

$417,000 Settlement
2025
What happened

Viakable, a smaller company, collected biometric data without meeting BIPA's consent and disclosure requirements.

The violation

Collection without proper written consent infrastructure in place.

The outcome

$417,000 settlement in 2025.

The parallel

BIPA exposure is not scaled to company size. A single-location practice faces the same per-violation statutory damages as a national chain. $417,000 is the more realistic number for a practice like yours — and it is still practice-ending money.

The pattern

The pattern is always the same.

In every case above, the biometric data collection itself was not the problem. Facial scans, fingerprints, and images are standard tools in modern business. What triggered liability in every instance was the absence of written consent infrastructure before collection began. BeautyVault Security builds that infrastructure. One engagement, done correctly, removes this category of exposure entirely.

See How We Work →