2024 IL App (1st) 231826
FIFTH DIVISION August 30, 2024
IN THE APPELLATE COURT OF ILLINOIS FIRST DISTRICT
No. 1-23-1826
MACAIRE MARINO, Individually and on Behalf of ) Others Similarly Situated, ) Appeal from the ) Circuit Court of Plaintiff-Appellee, ) Cook County. ) v. ) No. 22 CH 06182 ) GUNNAR OPTIKS LLC, ) Honorable ) Anna Loftus, Defendant-Appellant. ) Judge Presiding.
JUSTICE MIKVA delivered the judgment of the court, with opinion. Justices Lyle and Navarro concurred in the judgment and opinion.
OPINION
¶1 Plaintiff Macaire Marino filed a class action complaint alleging that defendant Gunnar
Optiks LLC (Gunnar)—a corporation that sells eyeglasses and other optical wear online—violated
the Biometric Information Privacy Act (Act) (740 ILCS 14/1 et seq. (West 2022)) through the
collection of facial geometry scans in connection with its “virtual try-on” software (software).
Gunnar filed a motion to dismiss the action, arguing that any information collected by the software
fell within a health care exclusion to the Act’s definition of “biometric identifier” and therefore
did not violate the Act. The circuit court granted the motion to dismiss with respect to all claims
regarding prescription eyewear but denied it with respect to claims for nonprescription eyewear. No. 1-23-1826
The court also granted Gunnar’s motion to certify the following question under Illinois Supreme
Court Rule 308 (eff. Oct. 1, 2019):
“Pursuant to the health care exemption under the Biometric Information Privacy
Act 740 ILCS 14/10, is an individual who tries on non-prescription sunglasses utilizing a
virtual try-on tool that captures certain biometric information, considered a patient in a
health care setting?”
¶2 For the following reasons, we answer the question in the negative.
¶3 I. BACKGROUND
¶4 Because this case centers on whether certain information constitutes a biometric identifier
or biometric information under the Act, we begin with an overview of the pertinent sections of the
Act.
¶5 A. The Biometric Information Privacy Act
¶6 The Act “was enacted in 2008 to help regulate ‘the collection, use, safeguarding, handling,
storage, retention, and destruction of biometric identifiers and information.’ ” McDonald v.
Symphony Bronzeville Park, LLC, 2022 IL 126511, ¶ 20 (quoting 740 ILCS 14/5(g) (West 2016)).
“Through the Act, our General Assembly has codified that individuals possess a right to privacy
in and control over their biometric identifiers and biometric information.” Rosenbach v. Six Flags
Entertainment Corp., 2019 IL 123186, ¶ 33.
¶7 To effectuate this goal, section 15 of the Act imposes certain duties on private entities
“regarding the collection, retention, disclosure, and destruction of a person’s or customer’s
biometric identifiers or biometric information.” Id. (citing 740 ILCS 14/15 (West 2016)).
“Accordingly, when a private entity fails to comply with one of section 15’s requirements, that
violation constitutes an invasion, impairment, or denial of the statutory rights of any person or
2 No. 1-23-1826
customer whose biometric identifier or biometric information is subject to the breach.” Id. Section
20 provides that “[a]ny person aggrieved by a violation of [the] Act shall have a right of action”
with certain rights of recovery. 740 ILCS 14/20 (West 2022). And, as our supreme court has
recognized, a person whose biometric identifier or information was involved in a private entity’s
violation of the Act is clearly “ ‘aggrieved’ within the meaning of section 20 of the Act [citation]
and entitled to seek recovery under that provision.” Rosenbach, 2019 IL 123186, ¶ 33.
¶8 The Act defines “biometric information” as “any information, regardless of how it is
captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify
an individual.” 740 ILCS 14/10 (West 2022). A biometric identifier, in turn, is “a retina or iris
scan, fingerprint, voiceprint, or scan of hand or face geometry.” Id. Section 10, however,
specifically excludes from its definition of “biometric identifier,” “information captured from a
patient in a health care setting or information collected, used, or stored for health care treatment,
payment or operations under the federal Health Insurance Portability and Accountability Act of
1996 [(HIPAA) 42 U.S.C. § 201 et seq. (2018)].” Id. We will refer to this as the health care
exclusion.
¶9 It is the first part of this exclusion—excluding “information captured from a patient in a
health care setting”—that is relevant to the certified question before us.
¶ 10 B. Procedural History
¶ 11 Ms. Marino filed the complaint in her putative class action against Gunnar on June 27,
2022. In it, she alleged that Gunnar, a California corporation, “sells various eyeglasses and optical
wear online” and that, “[a]s part of its sales pitch, [it] offers consumers the ability to do a ‘Virtual
Try-On’ for different glasses frames.” According to the complaint, the virtual try-on software
“scans a potential customers’ face, identifies the potential customers’ facial geometry, and then
3 No. 1-23-1826
allows that potential customer to ‘try on’ hundreds or thousands of various cosmetic products.”
¶ 12 Ms. Marino alleged that the software “functions, at least in part, by scanning, collecting,
storing, and using customers’ or potential customers’ facial biometrics.” Ms. Marino alleged that,
by virtue of the software, Gunnar “collected, captured, or otherwise obtained, [Ms. Marino]’s and
other consumers’ biometric identifiers and biometric information” and violated the Act by failing
to follow several of section 15’s requirements. See id. § 15.
¶ 13 Ms. Marino asked the court to appoint her as the class representative, enter judgment in
favor of her and the class, award her and the class monetary damages and reasonable attorney fees
and costs, and enter an order “requiring [Gunnar] to make disclosures consistent with the Act and
enjoining further unlawful conduct.” On June 29, 2022, Ms. Marino moved for class certification.
¶ 14 On November 15, 2022, Gunnar filed its motion to dismiss the class action complaint,
pursuant to section 2-619 of the Code of Civil Procedure (735 ILCS 5/2-619 (West 2022)).
According to Gunnar, “a threshold issue in this case is whether the facial geometry biometric
identifiers or biometric information ‘at issue fall within [the Act’s] health care [exclusion]’ ”
(quoting Vo v. VSP Retail Development Holding, Inc., No. 19-C-7187, 2020 WL 1445605, at *2
(N.D. Ill. Mar. 25, 2020)). Gunnar argued that its use of the software fell within the Act’s health
care exclusion and that, accordingly, it could not be held liable under the Act for its collection and
use of information with the software.
¶ 15 Following a hearing, the circuit court granted in part and denied in part Gunnar’s motion
to dismiss. The court ruled that the motion was granted “for all claims concerning prescription
eyewear.” In that part of its ruling, the court relied on the second part of the Act’s health care
exclusion, excluding “information collected, used, or stored for health care treatment, payment or
operations under” HIPAA (740 ILCS 14/10 (West 2022)) and the HIPAA definition of “health
4 No. 1-23-1826
care” as specifically including “[s]ale or dispensing of a drug, device, equipment, or other item in
accordance with a prescription.” 45 C.F.R. § 160.103 (2002).
¶ 16 The circuit court denied the motion to dismiss “for all claims concerning non-prescription
eyewear” because, according to the court, Ms. Marino “was not a ‘patient’ within the scope” of
the health care exclusion when she used the virtual try-on software to “try on” nonprescription
sunglasses.
¶ 17 On June 30, 2023, Gunnar moved to certify the following question as an interlocutory
appeal under Illinois Supreme Court Rule 308 (eff. Oct. 1, 2019): “Pursuant to the health care
exemption under the Biometric Information Privacy Act 740 ILCS 14/10, is an individual being
fitted for non-prescription eyewear, through the capture of certain biometric information,
considered a patient in a health care setting?” The circuit court granted that motion, we granted the
petition for leave to appeal, and this appeal followed.
¶ 18 II. JURISDICTION
¶ 19 The circuit court granted the motion to certify on September 8, 2023. Gunnar timely filed
its petition for leave to appeal under Rule 308 on October 10, 2023. On November 27, 2023, we
granted Gunnar’s petition. We thus have jurisdiction pursuant to Illinois Supreme Court Rule 308
(eff. Oct. 1, 2019), governing the interlocutory appeal of certified questions.
¶ 20 III. ANALYSIS
¶ 21 The certified question before us is as follows:
“Pursuant to the health care exemption under the Biometric Information Privacy
Act 740 ILCS 14/10, is an individual who tries on non-prescription sunglasses utilizing a
virtual try-on tool that captures certain biometric information, considered a patient in a
5 No. 1-23-1826
¶ 22 Certified questions are questions of law, for which our standard of review is de novo.
Mosby v. Ingalls Memorial Hospital, 2023 IL 129081, ¶ 29. And this question requires the
construction of a statute, something we also review de novo. Id.
¶ 23 “The fundamental rule of statutory construction is to ascertain and give effect to the
legislature’s intent.” (Internal quotation marks omitted.) Id. ¶ 30. “The most reliable indicator of
legislative intent is found in the statutory language, given its plain and ordinary meaning.” Doe v.
Burke Wise Morrissey & Kaveny, LLC, 2023 IL 129097, ¶ 46. “When a statute’s language is clear,
the language must be given effect without resort to other aids of statutory construction.” Village
of Kirkland v. Kirkland Properties Holdings Co., 2023 IL 128612, ¶ 50. “When the statutory
language is plain and unambiguous, a court may not depart from a statute’s plain language by
reading into the law exceptions, limitations, or conditions that the legislature did not express.”
(Internal quotation marks omitted.) Mosby, 2023 IL 129081, ¶ 31. “Nevertheless, in construing a
statute, the court may consider the reason for the law, the problems sought to be remedied, the
purposes to be achieved, and the consequences of construing the statute one way or another.”
(Internal quotation marks omitted.) Id.
¶ 24 The health care exclusion excludes from the Act’s definition of “biometric identifier” any
“information captured from a patient in a health care setting.” 740 ILCS 14/10 (West 2022). The
Act does not define either “patient” or “health care setting.” “Where a term is undefined, we
presume that the legislature intended the term to have its popularly understood meaning,” and “[i]t
is appropriate to employ a dictionary to ascertain the meaning of an otherwise undefined word or
phrase.” Metropolitan Life Insurance Co. v. Hamer, 2013 IL 114234, ¶ 20.
¶ 25 The first dictionary definition of “patient” is “an individual awaiting or under medical care
and treatment”; the second is “the recipient of any of various personal services.” Merriam-Webster
6 No. 1-23-1826
Online Dictionary, https://www.merriam-webster.com/dictionary/patient (last visited Aug. 21,
2024) [https://perma.cc/JZX7-CRV5]. We find the second definition to be so broad that it is
unhelpful in this context. Many “personal services” simply have nothing to do with health care.
The legislature limited this exclusion to a “patient” in a health care setting. This suggests to us that
the legislature was crafting an exclusion that had to do with health or medical care.
¶ 26 “When addressing the meaning of an undefined statutory term, it is the responsibility of
the court to choose a dictionary definition that most effectively conveys the intent of the
legislature.” People ex rel. Madigan v. Wildermuth, 2017 IL 120763, ¶ 17. Moreover, “[w]hen a
proffered reading of a statute leads to absurd results or results that the legislature could not have
intended, courts are not bound to that construction, and the reading leading to absurdity should be
rejected.” Dawkins v. Fitness International, LLC, 2022 IL 127561, ¶ 27. Here, we reject the notion
that the legislature intended the health care exclusion to be read so broadly as to encompass persons
receiving “various personal services.” See Robinson v. Meadows, 203 Ill. App. 3d 706, 710 (1990)
(finding certain definitions of statutory terms to be “so expansive” that “so literal an interpretation”
of those terms “would render the statute largely meaningless and yield unjust and absurd results”).
¶ 27 Accordingly, in understanding this exclusion, we begin with “patient” as defined as “an
individual awaiting or under medical care and treatment.” Merriam-Webster defines “medical” as
“of, relating to, or concerned with physicians or the practice of medicine” (Merriam-Webster
Online Dictionary, https://www.merriam-webster.com/dictionary/medical (last visited Aug. 21,
2024) [https://perma.cc/3DH5-W6K2]). “Given the commonly understood principles of grammar
and usage,” the adjective “medical” would modify both nouns that follow it: “care” and
“treatment.” Lyons Township ex rel. Kielczynski v. Village of Indian Head Park, 2017 IL App (1st)
161574, ¶ 26. Thus, a “patient” is someone who is presently awaiting or receiving care and
7 No. 1-23-1826
treatment from a medical professional. Our understanding is supported by Black’s Law Dictionary
(11th ed. 2019), which defines “patient” as “[a] person under medical or psychiatric care.”
¶ 28 Turning to the rest of the health care exclusion, “health care” is defined as “efforts made
to maintain, restore, or promote someone’s physical, mental, or emotional well-being especially
when performed by trained and licensed professionals.” (Emphasis added.) Merriam-Webster
Online Dictionary, https://www.merriam-webster.com/dictionary/health care (last visited Aug. 21,
2024) [https://perma.cc/H277-5L9J]. And a “setting” is defined as “the time, place, and
circumstances in which something occurs or develops.” Merriam-Webster Online Dictionary,
https://www.merriam-webster.com/dictionary/setting (last visited Aug. 21, 2024)
[https://perma.cc/Q4TL-HMXG].
¶ 29 Reading the entire phrase together, the health care exclusion applies, in our view, where
what would otherwise be biometric identifiers are taken from an individual who is presently
awaiting or receiving medical care in a time, place, or circumstance where efforts are being made
to maintain, restore, or promote that individual’s well-being, especially as performed by trained
and licensed professionals. In light of the broad current use of telehealth, the setting itself might
be almost anywhere but the definition is limited by the requirement that the individual is awaiting
or receiving medical care and the information is being collected as part of an effort to maintain or
restore or promote that person’s well-being.
¶ 30 Applying our understanding of the health care exclusion to the case before us, we find that
an individual who uses software to try on nonprescription sunglasses is not a patient in a health
care setting because they are not presently awaiting or receiving medical care. An individual who
is trying on nonprescription sunglasses—unconnected to any specific medical advice, prescription,
or need—is simply not within this statutory exclusion. We therefore answer the certified question
8 No. 1-23-1826
in the negative—the health care exclusion does not apply in this situation.
¶ 31 Gunnar relies on three federal cases: Vo, 2020 WL 1445605, Svoboda v. Frames for
America, Inc., No. 21-C-5509, 2022 WL 4109719 (N.D. Ill. Sept. 8, 2022), and Warmack-Stillwell
v. Christian Dior, Inc., 655 F. Supp. 3d 742, 746-48 (N.D. Ill. 2023). We agree with Gunnar that
these cases, which rely on each other to a large extent, support its position and appear to be the
only cases that have addressed this precise issue. As Gunnar recognizes, however, federal
decisions construing Illinois statutes are not binding on this court. Cameron v. Bogusz, 305 Ill.
App. 3d 267, 273 (1999). We do not find these decisions persuasive and decline to follow them.
¶ 32 The plaintiffs in each of those cases, like Ms. Marino, brought a class-action lawsuit under
the Act, seeking to represent a group of people who had used a company’s virtual try-on software.
The federal district courts granted all three companies’ motions to dismiss on the basis that the
Act’s health care exclusion applied.
¶ 33 The first of these federal cases is Vo. In that case, the court relied on the broad definitions
of “health care” that are in the regulations promulgated under HIPPA. Vo, 2020 WL 1445605,No.
19-C-7187 at *2. Those definitions include “ ‘[p]reventive, diagnostic, therapeutic, rehabilitative,
maintenance, or palliative care, and counseling, service, assessment, or procedure with respect to
the physical or mental condition, or functional status, of an individual or that affects the structure
or function of the body.’ ” Id. (quoting 45 C.F.R. § 160.103 (2002)). The Vo court reasoned that
the defendant provided health care “by offering a service or procedure that affects the function of
the body—namely vision.” Id.
¶ 34 In our view, the Vo court’s reliance on the HIPAA definition in interpreting the first part
of the Act’s health care exclusion—excluding “information captured from a patient in a health care
setting”—was misplaced. Recently, in Mosby, 2023 IL 129081, ¶ 37, our supreme court made clear
9 No. 1-23-1826
that the two parts of the Act’s health care exclusion are distinct:
“[T]he phrase prior to the ‘or’ and the phrase following the ‘or’ connotes two different
alternatives. The Illinois legislature used the disjunctive ‘or’ to separate the Act’s reference
to ‘information captured from a patient in a health care setting’ from ‘information
collected, used, or stored for health care treatment, payment, or operations under
[HIPAA].’ [Citation.] Pursuant to its plain language, information is exempt from the Act
if it satisfies either statutory criterion.”
Because the two parts are distinct, the HIPAA definitions apply only to the second part of the Act’s
health care exclusion—excluding information collected, used, or stored for health care treatment,
payment, or operations under HIPAA—which specifically references that statute. As our supreme
court explained in Mosby: “[T]he legislature’s decision to use the phrase ‘health care treatment,
payment, and operations’ and to immediately follow it with the prepositional phrase ‘under
[HIPAA]’ makes clear that the legislature was directing readers to HIPAA to discern the meaning
of those terms.” Id. ¶ 52.
¶ 35 Moreover, even if we agreed that the defendant in this case was offering a service that
could be considered health care, the person using the software was not a “patient” under the
dictionary definition that we think is clearly what the legislature had in mind.
¶ 36 The court in Svoboda relied on the decision in Vo. Svoboda, 2022 WL 4109719, at *2. The
court there rejected the plaintiff’s argument that Vo should not be followed because it relies on
“ ‘irrelevant HIPAA definitions.’ ” Id. But “out of an abundance of caution,” the court also looked
at the dictionary definitions and found that the plaintiff was a patient because she was “the recipient
of a ‘various personal service.’ ” Id. (quoting Merriam-Webster Online Dictionary,
https://www.merriam-webster.com/dictionary/patient (last visited Aug. 21, 2024)
10 No. 1-23-1826
[https://perma.cc/JZX7-CRV5]patient). However, as we discussed above, we find this definition
of “patient” is too broad to be helpful in understanding the Act’s health care exclusion. The
Svoboda court also relied on the fact that nonprescription sunglasses are considered Class I medical
devices by the Food and Drug Administration. Id. (citing 21 C.F.R. § 886.5850 (2000)).
¶ 37 The court in Warmack-Stillwell similarly relied on the fact that nonprescription sunglasses
are Class I medical devices and concluded that because the virtual try-on software in that case
“facilitate[d] the provision of a medical device that protects vision,” the plaintiff was necessarily
a patient receiving health care. Warmack-Stillwell, 655 F. Supp. 3d at 746. This was the primary
basis for the court’s decision in that case, which also relied on both Svoboda and Vo. Id. at 747-48.
¶ 38 We disagree with the conclusion in both Svoboda and Warmack-Stillwell that, because
nonprescription sunglasses are a Class I medical device, the person using the try-on software is a
“patient.” Class I medical devices are regulated by the Food and Drug Administration, but they
are subject “only to the general controls,” in contrast to the more regulated Class II and Class III
medical devices. 21 C.F.R. § 860.3 (2021). Thus, as the circuit court observed, Class I medical
devices include a broad range of commonly used products such as adhesive bandages (21 C.F.R.
§ 880.5240 (2001)), tongue depressors (id. § 880.6230), bedpans, (id. § 880.6730), crutches and
canes (id. §§ 890.3150, 890.3075), and manual and powered toothbrushes (id. §§ 872.6855,
872.6865).
¶ 39 We cannot agree that a person providing their biometric identifiers to obtain any of those
products becomes a “patient in a healthcare setting” under the Act and therefore falls outside of
the Act’s protections. Thus, we find these federal courts’ reliance on the fact that sunglasses are
Class I medical devices to be unpersuasive.
¶ 40 In short, we find none of these federal cases interpret the Act’s exclusion for “information
11 No. 1-23-1826
captured from a patient in a health care setting” in a manner that is consistent with its plain
language and the legislature’s intent. Because we do not agree that an individual virtually trying
on nonprescription sunglasses with the use of the virtual try-on software is a patient in a heath care
setting, we answer the certified question in the negative.
¶ 41 IV. CONCLUSION
¶ 42 For the foregoing reasons, we answer the certified question: No.
¶ 43 Certified question answered; case remanded.
12 No. 1-23-1826
Marino v. Gunnar Optiks LLC, 2024 IL App (1st) 231826
Decision Under Review: Appeal from the Circuit Court of Cook County, No. 22-CH- 06182; the Hon. Anna Loftus, Judge, presiding.
Attorneys Richard J. Miller, of Miller Law Firm, P.C., of Schaumburg, for for appellant. Appellant:
Attorneys Gary M. Klinger, of Milberg Coleman Bryson Phillips for Grossman PLLC, of Chicago, and Brandon M. Wise and Appellee: Domenica M. Russo, of Peiffer Wolf Carr Kane Connway & Wise LLP, of St. Louis, Missouri, for appellee.