BIPA

Subscribe to BIPA

FingerprintNo Actual Harm Necessary to Assert Biometric Privacy Claims in Illinois

Today the Illinois Supreme Court held that an individual does not need to allege actual harm in order to seek liquidated damages and injunctive relief under the Illinois Biometric Information Privacy Act (BIPA or the Act) 740 ILCS 14/1 et seq.  In Rosenbach v. Six Flags Entertainment Corp., the Court unanimously found that a plaintiff need only allege a technical violation of BIPA in order to be sufficiently “aggrieved” under the Act.  The Court’s holding today is likely to embolden potential plaintiffs and increase the already considerable number of BIPA-related cases throughout Illinois and the country.
Continue Reading

In the past few weeks, five putative class action lawsuits have been filed under the Illinois Biometric Information Privacy Act (“BIPA”), 740 ILCS 14/1 et seq., targeting defendants in the health care, senior living, commercial baking, meat processing and security industries. These recent suits join previously filed BIPA class actions against day care operators, tanning salons, video game manufacturers, hotel groups and supermarkets as well as much larger entities, including Facebook, Google, Shutterfly, Six Flags and Snapchat. All of these suits have similar allegations at their core; that defendants utilized employees’, customers’, or other persons’ biometric identifiers, such as fingerprints, voiceprints, retina scans or facial recognition technology, in violation of BIPA’s disclosure and consent requirements. All seek recovery of BIPA’s statutory liquidated damages of $1,000 for each negligent violation, or $5,000 for each intentional or reckless violation, injunctive relief, and recovery of attorneys’ fees and costs.

BIPA Background

Until the past 18 months, when the first of these suits was filed, BIPA has been a little-known statute. Enacted in 2008, BIPA was passed to protect against risk of identity theft resulting from the growing use of biometric technology to facilitate financial transactions and security screenings. 740 ILCS 14/5.

BIPA applies to both biometric identifiers, such as fingerprints, voiceprints, retina scans, and facial geometry, and other biometric information based on those identifiers to the extent used to identify an individual. 740 ILCS 14/10. BIPA is an important measure because, unlike such things as Social Security numbers and passwords that can be changed if necessary, biometrics are biologically unique and, when compromised, leave an individual without recourse. 740 ILCS 14/5.
Continue Reading

The following March 3 blog post inspired the Law360 article, “Challenging Personal Jurisdiction In Online Conduct Cases,” published on March 24, 2017. See full article below.

Earlier this week, Judge Edmond Chang of the Northern District of Illinois rejected Google’s arguments that application of the Illinois Biometric Information Privacy Act (BIPA) to facial geometry scanning by Google Photos is, on its face, an improper extraterritorial application of Illinois law. See Rivera v. Google, Inc., Case No. 16-cv-22714, Docket Entry 60.  Faced with Google’s arguments that the claims would require extraterritorial application of the statute and/or would violate the Dormant Commerce Clause by reaching beyond state boundaries, the court essentially punted, saying that “[d]iscovery is needed to determine whether there are legitimate extraterritoriality concerns.” Id. at p. 22.  The court also rejected Google’s argument that BIPA does not cover facial geometry scans pulled from photographs.
Continue Reading