The Non-Financial Ledger

Picture the moment you signed up for Getaround. Maybe you needed a car for a weekend. Maybe it was cheaper than a rental agency. You followed the steps, uploaded your license, recorded the short selfie clip the app requested, and moved on with your life. You thought you were just proving you were you.

You were not told that the app was building a mathematical model of your face. You were not told that this model, your facial geometry, is as permanent and unique as a fingerprint, and that unlike a fingerprint, it can be replicated, transmitted, and used without you ever being in the room. You were not given a form to sign. You were not handed a document explaining who would see it or for how long. The app just took it, quietly, buried inside a process that looked like routine identity verification.

There is something specific about having your face taken without your knowledge that sits differently than other data violations. A stolen email address is annoying. A leaked phone number is invasive. But your face is the thing people use to identify you on the street, in a crowd, on a camera feed. Your face, mapped and stored as a numeric scan, becomes a key that unlocks every door with a camera. The Illinois legislature understood this when it wrote BIPA. Courts have compared the privacy interest in biometric data to the right to keep strangers off your property. It is that fundamental.

Now consider who else received that scan. The complaint alleges Getaround shared biometric data with service providers, contractors, business partners, and collection agencies. Collection agencies. Companies whose entire function is to pursue you for money. They now may have a mathematical map of your face, and you never agreed to it, never knew it happened, and have no way to take it back.

The person named in this lawsuit, Cory Anderson, opened a Getaround account to rent a car. He got a permanent, irrevocable biometric record created in his name and distributed to parties he has no relationship with, with no warning, no signature, and no say. He is one of more than a thousand people in Illinois alone who the complaint alleges experienced the same thing. The law exists. The rights exist. They were simply ignored.

Legal Receipts

Every claim below comes verbatim from Case No. 1:24-cv-09524, filed in the Northern District of Illinois. No paraphrasing. No spin. Read it in the company’s own shadow.

“Getaround did not inform Plaintiff in writing that Getaround was collecting or storing his biometric information. Instead, Plaintiff was simply instructed to have his facial geometry scanned as part of the overall account opening processes detailed herein. In fact, Getaround made no mention of biometric information, collection of biometric information, or storage of biometric information.” Complaint, Paragraphs 29–31, Case No. 1:24-cv-09524

“At all relevant times, Getaround had no written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric information when the initial purpose for collecting or obtaining such biometric information has been satisfied or within 3 years of the individual’s last interaction with Getaround, whichever occurs first.” Complaint, Paragraph 24 and Paragraph 50, Case No. 1:24-cv-09524

“Getaround disclosed, redisclosed or otherwise disseminated Plaintiff’s biometric information to its service providers, contractors, business partners, and collection agencies.” Complaint, Paragraph 35 and Paragraph 64, Case No. 1:24-cv-09524

“Facial geometry scans are unique, permanent biometric identifiers associated with each user that cannot be changed or replaced if stolen or compromised. Getaround’s unlawful collection, obtainment, storage, and use of its user’s biometric data exposes them to serious and irreversible privacy risks.” Complaint, Paragraph 7, Case No. 1:24-cv-09524

Societal Impact Mapping

Biometric data violations carry a documented psychological and behavioral cost that maps directly onto the language of the Illinois legislature. When people know their face can be tracked and their identity permanently compromised, they change how they move through the world.

• The Illinois legislature explicitly found that individuals who experience biometric compromise “are likely to withdraw from biometric-facilitated transactions,” 740 ILCS 14/5(c). This behavioral withdrawal reduces access to digital services, financial tools, and platforms that increasingly require biometric verification to function.
• Courts in the Seventh Circuit have analogized unconsented biometric collection to trespass, Bryant v. Compass Group USA, Inc., 958 F.3d 617 (7th Cir. 2020). The psychological experience of having your biometric profile extracted without knowledge or consent, and shared with strangers, carries the same quality of violation as having your private space entered without permission.
• The permanent nature of facial geometry data means affected users carry an elevated, irreversible risk of identity fraud for the rest of their lives. Unlike a Social Security number, a facial map cannot be reissued. Users have no administrative remedy, no fraud alert system that neutralizes the exposure, and no government agency that can assign them a new face.
• The alleged distribution to collection agencies is a specific vector for harassment and financial pressure. These firms operate in an adversarial context, pursuing people for debts. Any biometric data in their systems creates a potential tool for locating, identifying, or targeting individuals beyond what a debt collector is legally permitted to do.

This case lands hardest on people who had no realistic way to know the law was being broken, and who are least equipped to absorb the downstream consequences of a biometric data breach.

• Getaround marketed directly to Illinois residents through Facebook, Instagram, and pay-per-click campaigns, targeted specifically at Chicago and statewide. People who saw those ads and signed up were invited into a platform designed to collect their face without telling them. The marketing funnel was the pipeline for the alleged BIPA violation.
• Car-rental apps are used disproportionately by people who cannot afford to own a vehicle. People relying on platforms like Getaround are often working-class Chicagoans navigating gaps in public transit. They were the ones who had to hand over their biometrics just to access transportation. The biometric toll was paid by the people who could least afford a permanent privacy risk.
• Statutory damages under BIPA, $1,000 to $5,000 per violation, exist specifically because the legislature understood that individual victims would rarely have the resources to bring private suits. The class action mechanism is the only realistic path to accountability for more than 1,000 affected users whose individual losses are significant in human terms, but financially small relative to litigation costs.
• If Getaround’s facial scan database is ever breached, sold in bankruptcy proceedings, or transferred in a corporate acquisition, the people most harmed are those with the fewest resources for identity theft recovery: no lawyers on retainer, no credit monitoring subscriptions, no rapid-response fraud departments.

The “Cost of a Life” Metric

What Now?

Getaround is a private company incorporated in Delaware. The complaint names Getaround, Inc. as the sole defendant. Plaintiff is represented by Michael L. Fradin, Esq. (Skokie, IL) and James L. Simon of Simon Law Co. (Chagrin Falls, OH). The following corporate roles at Getaround are responsible for the data collection and sharing practices described in this complaint; their names are not verified in the source document and will not be invented here: [Chief Executive Officer], [Chief Privacy Officer], [Chief Technology Officer], [General Counsel].

Regulatory Watchlist

• Illinois Attorney General: The state AG has enforcement authority under BIPA. If you are an Illinois resident and believe your biometrics were collected by Getaround, you can file a complaint at illinoisattorneygeneral.gov.
• FTC (Federal Trade Commission): The FTC has pursued companies for unfair data practices that exceed disclosed scope. Report at ftc.gov/complaint.
• CFPB (Consumer Financial Protection Bureau): The alleged sharing with collection agencies puts this case squarely in the CFPB’s jurisdiction. Report at consumerfinance.gov/complaint.
• Illinois Department of Financial and Professional Regulation: Oversees data-related consumer protection in financial service contexts within Illinois.

What You Can Do Right Now

• If you are an Illinois resident who signed up for Getaround within the last five years, you may be a class member. Contact the attorneys of record: Michael L. Fradin at mike@fradinlaw.com, or James L. Simon at james@simonsayspay.com.
• Request a copy of all data Getaround holds on you. Under the California Consumer Privacy Act and various state equivalents, you may have a right to access and deletion. Submit a data subject access request directly to Getaround’s privacy contact listed in its privacy policy.
• Talk to people in your building, neighborhood, and workplace who use car-sharing apps. The biometric collection described in this complaint is not unique to Getaround. Platform-to-platform organizing starts with people knowing their rights exist.
• Support digital rights mutual aid organizations including the Electronic Frontier Foundation (eff.org) and the ACLU’s project on surveillance and biometric privacy (aclu.org). These groups fund and litigate exactly the kind of structural privacy cases that protect everyone.
• Push local Chicago and Illinois-area representatives to fund and staff BIPA enforcement proactively, rather than leaving accountability entirely to private plaintiffs and class action attorneys. The law is on the books. The enforcement infrastructure lags far behind the violations.