FB pixel

Growing clarity in Illinois’ biometric privacy law shows possible defenses for third-party vendors

Instagram and employers to face BIPA suits
Growing clarity in Illinois’ biometric privacy law shows possible defenses for third-party vendors

Suits brought under Illinois’ Biometric Information Privacy Act (BIPA) against biometrics providers as third party vendors face hurdles which have only increased with a pair of recent decisions relating to jurisdiction and standing, according to an expert analysis for Law360 by attorneys from Porter Wright Morris & Arthur LLP.

Karen M. Borg and Al Fowerbaugh write that the difference in standing between state and federal court, with the latter requiring an injury, where the former can proceed based on a procedural violation, creates a barrier for plaintiffs to make claims against third parties under BIPA’s Section 15(a), which requires publicly available policies for the retention and destruction of biometric data.

A lack of connections between biometric providers and the state of Illinois can also place biometrics providers outside of state or federal court jurisdiction for BIPA violations. Vendors only fall within the jurisdiction of BIPA if they have continuous and systematic contacts with Illinois (general jurisdiction), or if the claim is related to direct contacts with Illinois (specific jurisdiction). In the case of a dismissed case against Lathem Time, neither were found to apply.

Illinois law also does not apply to actions taken outside of the state unless the specific statute in question says so, which BIPA does not, providing out-of-state vendors with another possible defense.

Instagram, White Castle and Little Caesars each lose bids to dismiss suits

Instagram has been accused of the same kind of biometric privacy violation under Illinois law that has led Facebook to attempt a $650 million settlement, BNN Bloomberg reports.

Instagram collects, stores, and profits from the facial biometric data of its 100 million users, including those in Illinois, without their knowledge or consent, in violation of the Biometric Information Privacy Act (BIPA), according to the allegations. The suit Whalen v. Facebook was filed in California state court, and states that the company began notifying Instagram users that it was collecting biometric data at the beginning of 2020, but had done so previously.

White Castle has been stymied in another attempt to have a BIPA suit brought against it by a former manager thrown out, as a federal judge rejected the chain’s argument that all of the plaintiff’s claims exceeded the statute of limitations because the alleged practice started too long ago, according to a separate Law360 article.

The burger chain had argued that interpreting the Act as applying the statute of limitations anew to each alleged violation is absurd, and would lead to crippling damages, but Judge John J. Tharp Jr. denied this, and criticized the company for not offering an alternative interpretation. He also noted the possibility that White Castle will appeal the decision.

The suit was brought in 2018 in response to a practice of requiring biometric verification for access to pay stubs which White Castle put in place in 2007. The number of timely alleged violations is set to be determined at a future hearing. The manager Latrina Cothron signed a consent form in 2018, but White Castle’s argument that by doing so Cothron waived her right to action under BIPA, and instead was governed by the Illinois Workers’ Compensation Act was rejected in June.

A suit against Little Caesar Enterprises will likewise go forward after a federal court judge ruled that the consent provided by two former employees after their biometrics were already collected does not apply to the collection retroactively, Bloomberg Law writes.

The chain made a similar argument last year to one put forward by White Castle, which was also rejected.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News


UN says law enforcement should not use biometrics to surveil protestors

Law enforcement agencies should not use biometric technology to categorize, profile or remotely identify individuals during protests, the United Nations…


How to explain the EUDI Wallet? Industry and citizens discuss Europe’s digital ID

The European Digital Identity (EUDI) Wallet is well on its way towards becoming a reality. To explain the major impact…


Decentralize face authentication for control, stronger protection: Youverse

The implementation method of biometric face authentication has become increasingly important in recent years due to the limitations of traditional…


Researchers develop display screens with biometric sensor capabilities

Traditional display screens like those built into smartphones require extra sensors for touch control, ambient light, and fingerprint sensing. These…


Meta, porn industry and Kansas governor weigh in on age verification

As Europe mulls how to restrict access to certain content for minors, Meta offers its own solution. Meanwhile, U.S. states…


As national U.S. data privacy law becomes more likely, critics emerge to point out flaws

The push for comprehensive privacy legislation in the U.S. is gaining momentum, as the proposed American Privacy Rights Act 2024…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events