Statute of limitations on biometric data privacy claims in Illinois clarified

How multiple violations are treated and the statute of limitations of biometric data privacy suits under Illinois law have been clarified, at least temporarily, by a state appellate panel, Law360 reports. Claims relating to informed consent, data retention policy disclosure and safeguarding are subject to a five-year limit, while claims based on unlawful profit or disclosure have only a one-year time limit, the judges ruled in the case of Tims v. Black Horse Carriers, Inc.

The State’s one-year limit for published privacy violations governs biometric privacy claims under only section 15(c) and 15(d), while claims under 15(a), 15(b) and 15(e) can be brought up to five years later, the three-judge panel ruled. The different limitation periods are necessary, the court says, because each BIPA requirement is “separate and distinct.” The panel of judges agreed with the lower court ruling that the “catchall” limitations period of five years applied, rather than the one year limit state law sets out for privacy claims, since specific BIPA violations were alleged, rather than general privacy violations.

“This latest ruling brings much needed clarity to parties on both sides of BIPA litigation who previously debated this determinative issue,” Jean Liu, a Kaufman Dolowich & Voluck attorney specializing in BIPA and other data privacy regulations, told Biometric Update in an email. A blog post by Liu and colleagues Stefan Dandelles and Sarah Suddarth, however, points out that most BIPA cases are brought based on alleged violations of multiple clauses, meaning most are likely to fall within the limitation period.

In the case of violations of multiple duties, multiple recoveries can be sought in redress, the court ruled.

The scope of claims, and specifically whether multiple instances of the same biometric data privacy violation are cumulative, is under consideration in a suit against White Castle.

Uncertainty and changes challenging for small vendors

The fragmented legal landscape for biometric data privacy, and the impact that has on firms attempting to meet the demand for biometric applications like loss prevention systems, is examined in a Reuters report.

The article recounts the challenges of Blue Line, a company that provides facial recognition systems, and recently lost a customer in Portland to local legislation. A store in Missouri that deployed a Blue Line system after one of its clerks was fatally shot in a robbery says it has not been robbed since installing the biometric capability.

Article Topics

biometric data  |  Biometric Information Privacy Act (BIPA)  |  biometrics  |  data protection  |  lawsuits  |  legislation  |  privacy