FB pixel

Rays of hope for BIPA defendants and plaintiffs in two cases

Rays of hope for BIPA defendants and plaintiffs in two cases

No matter where biometric data privacy cases in Illinois go — to state or federal courts — the question remains: Do potential or real privacy violations outweigh possibly “ruinous” fines levied on state entities? The question rests on whether the law allows claims to accrue.

Two new court decisions, by a federal appeals court and one from a state appellate court, directly address that question, but neither came close to settling it. In the background of both cases is Illinois’ Biometric Information Protection Act, or BIPA, the nation’s high-water mark in terms of protecting biometric data.

The U.S. Seventh Circuit Court of Appeals, which had been considering a fingerprint biometric case called Cothron v. White Castle System, Inc. (case 20-3202), decided it would be better if the Illinois State Supreme Court judged the matter than itself.

A good rundown of the matter has been published by the Cook County Record here. The case is on hold while the state justices consider it.

Meanwhile, the Illinois Appellate Court has found that every time biometric data is collected without following BIPA, a new claim is accrued, writes law firm Nixon Peabody, which did not participate in Watson v. Legacy Healthcare Financial Services, LLC.

Nixon Peabody’s analysis of the latest Watson case is here.

Both actions could put biometrics-deploying Illinois entities collectively on the hook for untold numbers of potential BIPA violations through future legal interpretation. Of course, they could just as well curtail an individual’s rights to their most personal information, maybe to the point of irrelevance.

Looking at Cothron, White Castle argued that a defendant should only have to answer to a purported violation the first time it happens and never again.

(In this particular matter, a judgment agreeing with White Castle would benefit the hamburger-maker twice. It would put Cothron’s legal protest beyond the state’s relevant statute of limitations, and would protect it from fines resulting from complaints brought by other plaintiffs.)

Given that BIPA allows for statutory damages of $1,000 or $5,000 for each violation, a large restaurant chain like White Castle could face significant fines.

But given that each and every collection of biometric data from an individual can be misused, transferred or stolen for criminal gain, and that biometrics are permanent, irreplaceable identifiers, people have monumental skin in a game in which they have comparatively little to gain.

Transferring Cothron to the Illinois Supreme Court is not unprecedented, according to the Cook County Record. And a decision in federal court could have unintended negative implications for “fundamental” state accrual principles.

This is a game of hot potato, in that respect. But also, BIPA is both unique and a matter that the state justices have considered a great deal. They are better acquainted with the matter.

Meanwhile, Illinois’ appellate court considered Watson’s violation-accrual arguments and found that, indeed, each collection of biometric data can potentially be a violation of BIPA.

(This decision could stand or fall based on how the state supreme decides Cothron. But knowing about Watson will be important for any biometric-privacy plaintiff and defendant in Illinois.)

Quoting the court, Nixon Peabody wrote that “the plain language of the statute establishes that it applies to each and every capture and use of plaintiff’s fingerprint or hand scan.”

While the court dismissed the fact that multiple violations could possibly cripple a company, it pointed out what no doubt was obvious to Legacy Healthcare’s legal team.

Under the law, damages are discretionary and not mandatory. Defendants can argue they did not violate BIPA, and if they lose, they can at least try to convince a judge that the remedy would not match the crime — misusing or not protecting a person’s biometric data adequately.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News


Biometrics deployments expand protection against fraud and lying about your age

Biometrics are protecting against false claims of all sorts in several of the most-read articles of the past week on…


UN says law enforcement should not use biometrics to surveil protestors

Law enforcement agencies should not use biometric technology to categorize, profile or remotely identify individuals during protests, the United Nations…


How to explain the EUDI Wallet? Industry and citizens discuss Europe’s digital ID

The European Digital Identity (EUDI) Wallet is well on its way towards becoming a reality. To explain the major impact…


Decentralize face authentication for control, stronger protection: Youverse

The implementation method of biometric face authentication has become increasingly important in recent years due to the limitations of traditional…


Researchers develop display screens with biometric sensor capabilities

Traditional display screens like those built into smartphones require extra sensors for touch control, ambient light, and fingerprint sensing. These…


Meta, porn industry and Kansas governor weigh in on age verification

As Europe mulls how to restrict access to certain content for minors, Meta offers its own solution. Meanwhile, U.S. states…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events