Defense arguments in biometric privacy cases uncertain as Chamber argues against private action
Only one defense used against a Biometric Information Privacy Act (BIPA) lawsuit has been successful in getting a suit dismissed, and the validity of that defense is uncertain now that the State Supreme Court has ruled on the same issue, according to an analysis by attorneys from Holland & Knight LLP for JD Supra.
The analysis was written by Rachel Agius, William Farley, and Richard Winter as lawsuits continue to be filed under Illinois’ BIPA, and they say the State Supreme Court decision early this year that procedural violations constitutes “harm” and establishes legal standing opens the door for an increase in BIPA class actions.
Defenses reviewed include pre-emption of BIPA by the Illinois Workers Compensation Act, which in one case was rejected by the judge, and in another is still pending, and claims that the plaintiff has not suffered real harm, and therefore has no standing. This argument has been successful in federal court in several cases, but may not be valid following the State Supreme Court’s Rosenbach ruling. At least one defendant has argued that a one-year statute of limitations some privacy laws are subject to should apply to BIPA in a pending case, and biometric device suppliers have argued that they cannot be held responsible for collecting employee data, and therefore are not responsible for damages under BIPA.
Beyond those defenses noted in the article, the federal status granted to unions in negotiating labor agreements enables them to grant consent for biometrics collection, according to the ruling in a BIPA case against Southwest Airlines which was dismissed, and a constitutional challenge of BIPA’s damages is being mounted in another case currently before the courts.
The Holland & Knight lawyers note that settlements following the Rosenbach ruling have ranged from $80 per class member for a class size of approximately 4,000 to $1,300 per class member for 297 people.
Meanwhile, Illinois manufacturer Dynacast has been named in a BIPA suit over its fingerprint or handprint time and attendance system, Law360 reports, and suits have also been filed against blood test laboratory Simple Laboratories and multi-state HR firm Integrity Staffing for their biometric time and attendance practices, according to the Cook County Record.
Google has been sued under BIPA for sharing voice biometrics collected by its Google Assistant with third parties, as reported by Law360. A similar suit was filed against Amazon for biometrics collected by its digital assistant Alexa earlier in July.
Illinois Senate Bill 2134 would remove the private right of action from BIPA, but stalled in committee earlier this year.
BIPA and statutes like it that provide private right of action are clogging the courts without truly benefiting consumers, the Institute for Legal Reform (ILR) of the U.S. Chamber of Commerce argues in a new report.
Insurance Journal reports that “Ill-Suited: Private Right of Action and Privacy Claims” shows that only four to eight percent of eligible consumers file settlement claims, compared to 30 percent in Telephone Consumer Protection Act (TCPA) lawsuits. In addition to TCPA and BIPA, the report considers the Fair Credit Reporting Act (FCRA) and the Video Privacy Protection Act (VPPA).
The ILR report also says that plaintiffs use state privacy and consumer protection statutes to sidestep congressional intent when federal statutes do not provide private right of action. This claim seems somewhat disingenuous, however, as numerous U.S. government officials and members of Congress have noted the country does not have adequate privacy protections at the federal level.
More than 100 lawsuits were filed under BIPA in the six months following the Illinois’ Supreme Court’s decision, according to the report.
“There is only one group that benefits from private lawsuits: plaintiffs’ lawyers who are simply exploiting private rights of action in privacy laws for their own financial gain,” explains Harold Kim, chief operating officer for the U.S. Chamber Institute for Legal Reform, as reported by Insurance Journal. “Rather than allow expert regulators to shape and balance policy and protections, enforcement is driven by frivolous lawsuits that do nothing to protect consumer privacy.”
Government agencies are more effective than private lawsuits at protecting privacy, the report says, and lawsuits stifle innovation and limit consumer choice. Not everyone agrees with this assessment, however.
“Far too often consumers place valuable confidential information, such as social security numbers or bank account information, into the hands of multi-billion dollar corporations with the reasonable expectation that the information will be secured. When it isn’t, the Chamber argues that consumers never reasonably believed that information should have been safe in the first place,” American Association for Justice Director of Communications Peter Knudsen told Insurance Journal. “This conclusion ignores that accountability results in corporations prioritizing the security of consumer data. The Chamber’s solution of government enforcement will not help consumers who have had their medical privacy or financial information compromised.”