Illinois considers amending America’s toughest biometric privacy law
The Illinois legislature is considering changes to the State’s biometric privacy law that could protect small businesses from litigation, but could potentially hamstring the regulation in the process, critics tell The Lincoln Courier.
House Bill 559 would add provisions to the Biometric Information Privacy Act (BIPA), and has been advanced by the House judiciary committee to be debated.
The Bill was introduced by House Minority Leader Jim Durkin (R-Western Springs), and was approved by the committee with a 10-5 vote, with one abstention. Multiple Democrats joined committee Republicans in supporting the bill. Durkin has suggested that while large and small companies alike have been served with lawsuits under BIPA, small businesses are more severely affected.
Facebook settled a prominent BIPA suit for $650 million in a deal which recently received final approval.
Some of the language in BIPA is out of date, Durkin says, which has resulted in a “cottage industry for a select group of lawyers to file class action lawsuits against big and small employers and nonprofit agencies,” The Courier writes.
HB 559 would require each “aggrieved party” must provide written notification of any alleged violation to the prospective defendant, which would then have 30 days to remedy the violation to avoid litigation. It also changes “written release” to “consent,” which can be given digitally. The $1,000 liquidated damages penalty is removed in favor of reimbursement for “actual damages,” and replaces the $5,000 maximum for “intentional or reckless” violations with actual plus liquidated damages for “willful” violations.
The ACLU of Illinois argues that BIPA is currently working as intended, and would be gutted by the proposed changes. Some legislators appear to share that view, at least enough to oppose HB 559.
The Electronic Frontier Foundation recently suggested that BIPA-style informed consent requirements are preferable to blanket bans.
David Oberly of Blank Rome LLP’s Biometric Privacy Team wrote about how businesses can avoid being hit with class actions under BIPA for Biometric Update last year.