Illinois has emerged as a leader in biometric privacy protection with the enactment of the Biometric Information Privacy Act (BIPA) in 2008. The law has gained significance, particularly after a record-breaking $650 million settlement between Facebook and users who claimed privacy violations under BIPA. Recent cases before the Supreme Court of Illinois have further solidified BIPA's influence, establishing a 5-year statute of limitations for BIPA claims and recognizing the potential for separate claims based on each biometric scan taken from an individual. Other states are now following Illinois' lead by considering their own biometric privacy laws. Illinois remains at the forefront, leading the way in implementing robust biometric privacy regulations.
In late December 2022, multiple class-action lawsuits related to the Illinois Biometric Information Privacy Act (BIPA) were filed in Cook County Circuit Court, according to the Cook County Record. These lawsuits predominantly revolved around allegations that employers had unlawfully compelled workers to scan their fingerprints for identity verification when clocking in and out of shifts, without obtaining proper consent or providing required notices as mandated by BIPA.
The Illinois Biometric Information Privacy Act (BIPA), which has been in effect since 2008, stands as the pioneering comprehensive biometric privacy law in the United States. In recent years, the surge in BIPA litigation has highlighted enforcement challenges and spurred various legislative initiatives.
During the 102nd Illinois General Assembly in 2021, a total of 11 bills related to BIPA were introduced. These bills were assigned to committees but were not addressed before the 2021 deadline.
The introduced bills encompassed several proposed amendments to BIPA. For instance, nine bills aimed to clarify the statute of limitations, restrict or limit damages, introduce exemptions (such as for biometric data processing related to security purposes or employee work hours recording), and modify the private right of action, potentially replacing it with government enforcement mechanisms involving the Illinois attorney general, state attorney's offices, or the Illinois Department of Labor. Furthermore, two bills sought to repeal BIPA entirely.
The Illinois First District Appellate Court has provided a decisive ruling on the statutes of limitations for various claims under the Illinois Biometric Information Privacy Act (BIPA), as reported by The National Law Review. According to the court's decision, BIPA claims related to the unauthorized disclosure of biometric data are subject to a one-year statute of limitations. On the other hand, claims involving breach of user notice and consent, as well as unlawful data retention, have a five-year timeframe within which they can be filed. This ruling brings clarity to the different limitations applicable to BIPA claims depending on the nature of the alleged violation.
In response to the discovery that court documents publicly disclosed sensitive personal information of child sex crime victims, the Illinois Senate has passed two bills aimed at reinforcing privacy protections for sexual assault victims, as reported by CBS 2 Chicago. These bills, which received unanimous support in the Senate, are now slated for debate in the U.S. House of Representatives. One bill focuses on bolstering privacy measures for minor victims, while the other introduces regulations to safeguard the privacy of adult victims. The legislative action seeks to ensure that the personal information of assault victims remains confidential and protected.
Facebook's $650 million settlement for alleged violations of the Illinois Biometric Information Privacy Act (BIPA) has been hailed as a "landmark result" by U.S. District Court Judge James Donato. The settlement, which affects around 1.6 million Facebook users, was granted final approval by Donato. Each class member interested in compensation is expected to receive at least $345. The settlement has been viewed as a significant victory for consumers in the realm of digital privacy. Jay Edelson, the attorney representing the plaintiffs who filed the suit in 2015, described it as a "make-or-break moment for the privacy bar." The lawsuit alleged that Facebook's "tag suggestions" feature violated BIPA by collecting and storing users' facial scans without proper notice or consent.