Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Biometric Information Privacy Act. Show all posts
Privacy
Biometric Information Privacy Act Corporate financial risks Illinois Privacy

Illinois Amends Biometric Privacy Law to Limit Corporate Liability



SPRINGFIELD, IL – Illinois has recently amended its Biometric Information Privacy Act (BIPA), essentially reducing the financial risks for companies that mishandle biometric data such as eye scans, fingerprints, and facial recognition information. The changes, signed into law by Governor J.B. Pritzker on August 2, followed a growing trend of legal adjustments aimed at balancing consumer privacy rights with corporate concerns.

Key Changes to BIPA

Originally passed in 2008, BIPA was one of the first laws in the United States to establish strict guidelines for the collection, storage, and use of biometric data. The law required companies to obtain written consent before collecting biometric information and allowed individuals to sue for damages if their data was mishandled. Previously, victims could seek $1,000 for each negligent violation and $5,000 for each intentional or reckless violation.

However, the recent amendment dramatically alters this infrastructure. Under the new rules, multiple violations involving the same person's biometric data will now be treated as a single infraction. This change effectively limits the potential damages a company might face, even if it repeatedly mishandles an individual's biometric information.

Impact on Legal Liability

This amendment overturns a 2023 Illinois Supreme Court ruling that held companies accountable for each instance of biometric data misuse. The ruling had stemmed from a class-action lawsuit against White Castle, where an employee accused the restaurant chain of repeatedly violating BIPA by improperly collecting her biometric data. With the new law in place, such claims will now result in lower financial penalties for companies, reducing the incentive for large-scale settlements.

Legal and Industry Reactions

Legal experts and industry groups have noted the implications of this amendment. Alan Friel, a lawyer with Squire Patton Boggs, observed that the change would likely decrease the settlement value of BIPA claims. He also underlined that the new law allows companies to fulfil the written consent requirement through electronic signatures, further easing the burden on businesses.

In the past, BIPA has led to substantial settlements, such as Facebook’s $650 million agreement in 2020 to settle claims that it violated the law by using facial recognition without user consent. This settlement resulted in individual payouts of over $400 to affected users. Illinois’ law is unique in allowing individuals to directly sue companies for violations, a provision that other states, such as Colorado, have not adopted.

The amendment comes amid a broader national debate over privacy laws and the responsibilities of corporations handling sensitive data. While Illinois has maintained a more consumer-focused approach, other states have taken different paths. For example, Texas recently secured a $1.4 billion settlement with Facebook’s parent company, Meta, over similar biometric privacy violations. However, in Texas, enforcement of such laws is handled by the state, not individual consumers.

The Information Technology and Innovation Foundation (ITIF), a think tank supported by various corporations, welcomed the changes to BIPA. Ash Johnson, ITIF’s Senior Policy Manager, argued that the amendment brings much-needed balance to the law, which had previously imposed steep fines for even minor infractions. According to Johnson, the previous version of BIPA had driven some companies to limit their technological offerings in Illinois or avoid the state altogether.

The recent amendment to Illinois’ Biometric Information Privacy Act marks a notable shift in how biometric data violations are handled, reducing the financial risks for companies while still aiming to protect consumer privacy. As states across the U.S. continue to grapple with how best to regulate biometric data, Illinois' experience with BIPA will likely serve as a critical case study for future legislation.


Read more »
US Senate
Biometric data Biometric Information Privacy Act Biometric Privacy Act BIPA Illinois Supreme Court Privacy Senate Democrats U.S. Supreme Court US Senate

Companies Appeal for Relief From Biometric Privacy Act


Later this June, in a Public Radio talk show hosted by Brian Mackey, Senate President Don Harmon said that some of the most flourishing business association leaders have “punched us in the nose” after the Senate Democrats came up with what he called a "good faith solution" to issues brought on by the state's highly controversial Biometric Information Privacy Act.

The Senate Democratic proposal that the business groups opposed, according to Harmon, is "very friendly to the business community that has been asking for these changes."

Biometric Information Privacy Act (BIPA) 

Companies these days regularly collect biometric data, like facial recognition and fingerprint scans. However, in Illinois, it has been made illegal for companies to obtain any such data unless they obtain informed consent.

The Biometric Information Privacy Act was implemented on October 3, 2008, which regulates private entities may acquire, utilize, and handle biometric identifiers and information. Notably, government organizations are not covered by the Act. The only other states with comparable biometric safeguards are Texas and Washington, but BIPA is the strictest. According to the Act, a violation is punishable by a $1,000 or $5,000 fine if it is willful or reckless. This BIPA's damages clause has given rise to numerous class action lawsuits.

Privacy Issues

In regards to the privacy issues concerning the collection of biometric data, many lawsuits have been filed so far, as a result of which many companies want relief.

The Illinois Supreme Court pleaded with the General Assembly earlier this spring to rethink the law in its ruling against the White Castle company. The burger chain's eventual cost for obtaining employee fingerprint scans might reach $17 billion as a result of that decision.

Near the originally scheduled conclusion of the spring legislative session, the Illinois Retail Merchants Association, the Illinois Manufacturers' Association, and the Illinois Chamber of Commerce held a press conference with other business leaders to vehemently oppose the Senate Democrats' proposal.

In the press conference, Illinois Manufacturers' Association President and CEO Mark Denzler, argued the measure would exacerbate the issue. However, Denzler is not exactly known for his hostility. The legislation, according to Denzler, “will only increase abuse of this law by trial attorneys” who have made thousands of claims under the law.

However, the three business groups either refused to respond to Harmon’s comments or, did not respond at all.

In response, the Supreme Court claims that the legislative intent of BIPA was to penalize every single acquisition of employee biometric data. "That's how we ended up with a $17 billion" fine, claimed Senate President Pro Tempore Bill Cunningham since a significant number of White Castle employees were subjected to multiple daily scans for five years. According to the Democratic plan, the law would have been altered specifically to base the fine on the number of employees rather than the number of scans. However, they also doubled the fine from $1,000 to $1,500, which was also criticized by the business associations.

The original state statute, according to BIPA law opponents, has very little to do with reality. The purpose of the law is to safeguard individuals from having their biometric information kept, shared, or otherwise used without their knowledge or consent. After all, people can alter their computer passwords to hide their identities, but could not simply alter their fingerprints.

Cunningham on the other hand claims to have heard a theory by a Republican lawmaker that the corporate defense bar has confirmed to the business groups that they can get the state law overturned by the U.S. Supreme Court, leaving no reason to compromise at the state level. “I have no idea if that's true or not[…]But it's a better explanation that I can come up with,” he says.

Read more »
Subscribe to: Posts (Atom)