Amazon and Starbucks notched a decisive win in the fast-evolving world of biometric privacy litigation, securing the full dismissal of a proposed class action in the U.S. District Court for the Western District of Washington. The case had targeted Amazon’s “Just Walk Out” palm-scan technology and its use in partnership with Starbucks Pickup locations, alleging violations under New York City’s Biometric Identifier Information (BII) law.

After nearly two years of litigation, both parties agreed to dismiss all claims with prejudice. The defendants also waived all counterclaims—closing the chapter without further legal entanglements.

A Closer Look at the Case

The case consolidated two earlier actions brought under the BII statute, which prohibits businesses from collecting biometric data without “clear and conspicuous” signage and bars the sale or transfer of such data. Plaintiffs alleged that Amazon failed to properly notify customers that their biometric information was being collected and shared with third parties like Starbucks and Whole Foods.

However, Judge Ricardo S. Martinez previously pared down the case significantly. Starbucks was dismissed outright after the court found it had not independently deployed the “Just Walk Out” system. Whole Foods, as a wholly owned Amazon subsidiary, did not qualify as a third party under the BII law, undercutting claims of improper data sharing.

A key procedural hurdle also played a role: the BII statute requires customers to notify a business of signage violations and allows the business 30 days to cure the defect before a lawsuit can proceed. The court found that not all plaintiffs had followed this process, which led to the dismissal of many claims.

Why It Matters

The dismissal is part of a broader trend. Courts are increasingly scrutinizing biometric privacy claims at the threshold, and technical noncompliance with statutory requirements is proving fatal to many suits. In Rivera v. Google, for example, claims under Illinois’ Biometric Information Privacy Act (BIPA) were dismissed when plaintiffs failed to show biometric data was collected without appropriate notice. Similarly, in Barnes v. Meta Platforms, the court found that allegations involving face templates did not meet BIPA’s definition of biometric identifier collection.

Even Cothron v. White Castle, which confirmed that BIPA violations accrue per scan, underscored the procedural and statutory complexities that often govern these cases.

For businesses deploying biometric tools, this latest dismissal highlights the importance of rigorous compliance frameworks. Visible signage, clear consent mechanisms, and precise control over third-party data sharing are best practices that support a defensible posture.