March 23, 2023

Volume XIII, Number 82



Biometric Privacy Class Actions Take Aim at Virtual “Try-On” Retailers

In recent months, there has been a surge of class actions brought under the Illinois Biometric Information Privacy Act (BIPA) against retailers using virtual “try-on” features on their websites. Virtual try-on technology recreates the in-person shopping experience by allowing online shoppers to visualize how products look on them.

When it comes to products that go on or around a person’s face, such as makeup, jewelry, and eyeglasses, virtual try-on tools use images of customers’ faces, which can trigger compliance obligations in connection with, and litigation risk under, biometric privacy laws such as BIPA.

In each of the recent cases discussed below, the named plaintiffs allege that the retailer defendants violated BIPA by failing to: (1) inform plaintiffs (and other proposed class members) in writing that the retailers were collecting their biometric information; (2) obtain written releases permitting the retailers to do so; and (3) develop and make publicly available a written policy for the retention and destruction of biometric identifiers.

These cases highlight the risks involved in offering a virtual try-on service. Providers should ensure that they get proper consent under BIPA and have a written and publicly available record retention and destruction policy in compliance with the law. Providers who find themselves subject to a BIPA challenge should contact counsel to develop a legal strategy for a successful resolution.

Makeup Virtual Try-On

In November 2022, the US District Court for the Northern District of Illinois declined to dismiss a BIPA class action involving a makeup try-on tool deployed across websites owned by The Estée Lauder Companies. Kukovec v. Estée Lauder Companies, Inc., No. 22 CV 1988, 2022 WL 16744196, at *1 (N.D. Ill. Nov. 7, 2022).

Estée Lauder’s online tool allows shoppers to upload a photograph or activate the camera on their device to see how a product looks on their face. In a lengthy decision, the court rejected all but one of Estée Lauder’s defenses.

First, the court ruled that Estée Lauder is subject to jurisdiction in Illinois. Although the try-on tool is geographically neutral and does not specifically target Illinois customers, the court concluded the tool is connected to Estée Lauder’s strategy to market and sell cosmetics in Illinois.

Second, the court declined to enforce the arbitration provision in Estée Lauder’s website terms and conditions, finding that the named plaintiff did not assent to or have constructive knowledge of those terms. The court distinguished between “clickwrap” agreements, which require a customer to affirmatively assent by clicking or checking a box, and “browsewrap” agreements, which provide that use of the website is taken as assent, albeit passive. The plaintiff only accessed web pages with browsewrap agreements, so the court analyzed the design and content of the pages and, specifically, the conspicuousness and placement of the terms and conditions link. The court concluded the link was not sufficiently conspicuous because: (1) users cannot see it unless they scroll all the way to the bottom of the page; and (2) it is located in the middle of 15 links to other pages and social media sites.

Third, the court found it was reasonable to conclude that the tool collects customers’ biometric data based on the allegation that the tool uses facial geometry scans from pictures or cameras to identify the shape and features of customers’ faces and overlay virtual makeup products onto the images.

Finally, the court agreed with Estée Lauder that the plaintiff failed to allege facts to support that Estée Lauder recklessly or intentionally violated BIPA. The court permitted plaintiff to proceed only on the theory that Estée Lauder committed a negligent violation of the statute. The distinction is significant as BIPA provides for $1,000 in statutory damages for each negligent violation and $5,000 for each reckless or intentional violation.

Eyeglasses Virtual Try-On

In December 2022, the US District Court for the Southern District of New York declined to dismiss a BIPA class action brought against Louis Vuitton concerning a virtual eyeglass try-on tool. Theriot v. Louis Vuitton N.A., --- F. Supp. 3d ---, 2022 WL 17417261 (S.D.N.Y. Dec. 5, 2022).

The court rejected Louis Vuitton’s arguments for dismissal of the claims alleging non-compliance with BIPA’s notice and consent requirements. First, Louis Vuitton argued that the third-party operator of the virtual try-on tool, FittingBox, which was not a party to the litigation, collects and processes consumers’ facial geometry — not Louis Vuitton. The court disagreed, concluding that the complaint adequately alleged that Louis Vuitton takes active steps to collect users’ facial scans, such as inviting them to take advantage of the website’s virtual try-on technology. Second, Louis Vuitton argued plaintiffs could not bring a BIPA claim because the events giving rise to the claims did not occur “primarily and substantially” in Illinois. The court rejected this argument as well because the plaintiffs alleged they were Illinois residents who used the virtual try-on tool while in Illinois.

The court did, however, dismiss the plaintiffs’ claims alleging lack of a publicly available data retention and destruction policy on the grounds that the plaintiffs lacked Article III standing. The court found no injury to support standing because the company’s duty was owed to the public generally, and the plaintiffs alleged only a failure to develop and publish a data retention policy rather than unlawful retention of their data.

On February 10, 2023, the US District Court for the Northern District of Illinois dismissed similar claims against Christian Dior alleging that the virtual eyeglass try-on feature on the luxury fashion brand’s websites violated BIPA. Warmack v. Christian Dior, Case No. 1:22-CV-04633 (N.D. Ill.).

Dior prevailed on a defense not raised by Louis Vuitton in its motion to dismiss — a health care exemption under BIPA for “information captured from a patient in a health care setting.” Dior argued that the exemption applies to the retail sale of nonprescription sunglasses like those the plaintiff allegedly virtually tried on. The plaintiff argued that: (1) she could not reasonably be considered a “patient” because she only sought nonprescription sunglasses; and (2) the virtual try-on experience was “an online shopping experience for high-end accessories” rather than a “health care setting.”

The court sided with Dior, noting that “sunglasses, even if non-prescription, protect one’s eyes from the sun and are Class I medical devices under the Food & Drug Administration’s regulations.” The court concluded the plaintiff was “an individual awaiting medical care” and therefore a “patient” because “the tool facilitates the provision of a medical device that protects vision.” The court further concluded that “the trying on and provision of sunglasses, even in a virtual setting,” is enough to count as a “health care setting.”

Jewelry and Hair Care Virtual Try-On

In November 2022, an Illinois resident filed a putative BIPA class action against Pandora Jewelry, LLC, and Pandora Ecomm, LLC, in the Circuit Court for Cook County, Illinois. Gielow et al. v. Pandora Jewelry LLC et al., Case No. 22-CH-11181 (Circuit Ct. Cook County, Ill.).

According to the complaint, Pandora — the third largest jewelry retailer in the United States — offers a virtual try-on tool on its website that allows customers to take and upload photographs of themselves. Pandora’s try-on feature analyzes customers’ facial geometry to model how selected jewelry products look on them.

In December 2022, another virtual try-on case alleging BIPA violations was filed by a proposed class of Illinois residents against a hair care retailer, Wella Operations US LLC, in US District Court for the Northern District of Illinois. Shores v. Wella Operations US LLC, Case No. 1:22-cv-07152 (N.D. Ill. Dec. 20, 2022).

The complaint alleges Wella violated BIPA by inviting consumers to virtually ‘try on’ hair dye through a website “Virtual Try-On” feature. The complaint includes screenshots of Wella’s website, showing a “Tap & Try!” button that prompts customers to upload a photograph of themselves. Once the photograph is analyzed, the tool models how different hair colors look on the customer. The complaint asserts that the combined claims of the proposed class exceed $5 million.


Companies considering offering virtual try-on tools should prepare for a potential BIPA class action lawsuit and take steps to minimize litigation exposure, including adopting BIPA-compliant disclosure, consent, and data destruction policies and procedures. Where BIPA claims have been asserted, companies should promptly seek outside counsel to develop a legal strategy for a successful resolution.

© 2023 ArentFox Schiff LLP. National Law Review, Volume XIII, Number 47

About this Author

Robert D. Boley Litigation Attorney Schiff Hardin Ann Arbor, MI

D. Reed Freeman FTC Defense Lawyer ArentFox


Adam L. Littman Boston Privacy Attorney ArentFox Schiff


Nadav S. Pearl Boston Complex Litigator ArentFox Schiff
