AI Hiring Tools Are Watching Your Face — And It Could Be Illegal

A Growing Wave of Class Actions Targets AI Video Interview Platforms for Collecting Biometric Data Without Consent.

If you have applied for a job in the past few years, there is a good chance an algorithm met you before any human did. AI-powered video interview platforms — designed to score candidates on their facial expressions, vocal patterns, word choices, and even posture — have become the gatekeepers of employment for thousands of employers. But a growing wave of class action litigation alleges these tools are doing something more troubling than simply assessing job performance: they may be collecting biometric data from millions of job seekers without proper consent, in violation of state privacy laws.

How AI Hiring Platforms Use Your Biometric Data

Modern AI hiring tools do not just record your interview. They use machine learning to extract a range of biometric markers from the video — including facial geometry, micro-expressions, eye-movement patterns, and vocal characteristics — which are then compared against trained models to score candidates on traits such as enthusiasm, communication skills, or “culture fit.” Some platforms also retain the underlying video and audio for years, in some cases using it to train the next generation of their models.

Under laws like the Illinois Biometric Information Privacy Act, 740 ILCS 14 (BIPA), facial geometry and voiceprints are classified as “biometric identifiers.” A private entity that collects them must (1) provide written notice that biometric data is being captured, (2) explain the specific purpose and length of storage, (3) obtain informed written consent before collection, and (4) maintain a publicly available retention and destruction schedule. Selling or otherwise profiting from the biometric data is prohibited outright. The penalties for noncompliance are significant — $1,000 per negligent violation and $5,000 per intentional or reckless violation — and the Illinois Supreme Court has held in Cothron v. White Castle System, Inc., 2023 IL 128004, that each separate scan of biometric data can constitute a separate violation.

A Growing Wave of Class Actions

Plaintiffs across multiple federal courts have accused AI video interview vendors and the employers who deploy them of collecting facial templates and voiceprints without disclosing how the data is used, retained, or shared. The complaints share a common thread: applicants were never informed in plain language that their biometric features were being analyzed by algorithms, much less that the resulting templates could be retained for years or used to train future commercial models.

These lawsuits raise an uncomfortable question for both employers and AI vendors: when a candidate clicks “record” on a video interview, what exactly are they consenting to? In most cases, the standard click-through terms of service do not satisfy BIPA’s strict written-consent requirement, which courts have held demands a clear, specific, and informed acknowledgment — not a buried hyperlink in a privacy policy. And under BIPA, an employer that deploys a noncompliant AI tool can be held liable alongside the vendor, even if the employer never directly handled the biometric data itself.

Why This Should Worry Every Job Seeker

For applicants, the consequences extend well beyond a single interview. Biometric data, once collected, is permanent — you cannot reissue your face the way you can change a password. If an AI vendor experiences a breach, sells data to a third party, or repurposes it to train future models, the harm cannot be undone. A facial template captured during a 30-minute interview in 2024 may still be sitting on a vendor’s servers — or in a downstream training dataset — a decade later.

The pressure on candidates makes the problem worse. AI-powered interviews are often the first, and sometimes only, gating step in the application process. Applicants who decline to record a video interview risk being eliminated from consideration, which means many feel they have no real choice but to consent. Coerced consent is exactly what biometric privacy statutes were enacted to prevent.

A Patchwork of Protections — and Where the Law Is Headed

Illinois remains the gold standard for biometric privacy enforcement, but it is no longer alone. Texas’s Capture or Use of Biometric Identifier Act, Tex. Bus. & Com. Code § 503.001, and Washington’s biometric privacy statute, RCW 19.375, both regulate the collection and retention of biometric identifiers, though each takes a different approach to enforcement. New York City’s Local Law 144, which took effect in 2023, separately requires employers using “automated employment decision tools” to conduct annual bias audits and notify candidates that an algorithm is being used in the hiring process. Several states have introduced their own algorithmic-hiring legislation, and federal regulators — including the Equal Employment Opportunity Commission — have signaled that AI hiring tools that produce discriminatory outcomes may violate Title VII regardless of the vendor’s intent.

For employers, the message is clear: relying on a vendor’s assurances is not a defense. For applicants, the message is equally clear: you have rights, and they are growing.

What You Can Do to Protect Yourself

Read the privacy notice carefully — before you record. Look for explicit language about biometric data collection, the specific purpose of the analysis, retention periods, and whether the data will be shared with third parties or used to train AI models. If the notice is vague, buried, or absent, that alone may be a BIPA violation.

Ask the employer. You have every right to ask, in writing, how your interview will be analyzed, who will see it, how long it will be stored, and whether the data will be used for any purpose beyond evaluating your application.

Know your state’s biometric privacy law. Even if you do not live in Illinois, BIPA may still protect you if the data was collected, processed, or stored there. Texas, Washington, and a growing list of other jurisdictions provide additional protections, and New York City requires bias-audit notices for any automated hiring tool used to evaluate candidates within the city.

Document the process. Save copies of the platform’s privacy disclosures, the email invitation, and any notice (or lack of notice) about biometric collection. Note the date of the interview, the platform used, and the employer involved. This information can be invaluable if a class action moves forward.

Mason & Perry LLP represents individuals and groups in privacy and consumer protection class action litigation. If you believe an AI hiring platform collected your biometric data without proper consent, contact us to discuss your options.
