FB pixel

Rays of hope for BIPA defendants and plaintiffs in two cases

Rays of hope for BIPA defendants and plaintiffs in two cases
 

No matter where biometric data privacy cases in Illinois go — to state or federal courts — the question remains: Do potential or real privacy violations outweigh possibly “ruinous” fines levied on state entities? The question rests on whether the law allows claims to accrue.

Two new court decisions, by a federal appeals court and one from a state appellate court, directly address that question, but neither came close to settling it. In the background of both cases is Illinois’ Biometric Information Protection Act, or BIPA, the nation’s high-water mark in terms of protecting biometric data.

The U.S. Seventh Circuit Court of Appeals, which had been considering a fingerprint biometric case called Cothron v. White Castle System, Inc. (case 20-3202), decided it would be better if the Illinois State Supreme Court judged the matter than itself.

A good rundown of the matter has been published by the Cook County Record here. The case is on hold while the state justices consider it.

Meanwhile, the Illinois Appellate Court has found that every time biometric data is collected without following BIPA, a new claim is accrued, writes law firm Nixon Peabody, which did not participate in Watson v. Legacy Healthcare Financial Services, LLC.

Nixon Peabody’s analysis of the latest Watson case is here.

Both actions could put biometrics-deploying Illinois entities collectively on the hook for untold numbers of potential BIPA violations through future legal interpretation. Of course, they could just as well curtail an individual’s rights to their most personal information, maybe to the point of irrelevance.

Looking at Cothron, White Castle argued that a defendant should only have to answer to a purported violation the first time it happens and never again.

(In this particular matter, a judgment agreeing with White Castle would benefit the hamburger-maker twice. It would put Cothron’s legal protest beyond the state’s relevant statute of limitations, and would protect it from fines resulting from complaints brought by other plaintiffs.)

Given that BIPA allows for statutory damages of $1,000 or $5,000 for each violation, a large restaurant chain like White Castle could face significant fines.

But given that each and every collection of biometric data from an individual can be misused, transferred or stolen for criminal gain, and that biometrics are permanent, irreplaceable identifiers, people have monumental skin in a game in which they have comparatively little to gain.

Transferring Cothron to the Illinois Supreme Court is not unprecedented, according to the Cook County Record. And a decision in federal court could have unintended negative implications for “fundamental” state accrual principles.

This is a game of hot potato, in that respect. But also, BIPA is both unique and a matter that the state justices have considered a great deal. They are better acquainted with the matter.

Meanwhile, Illinois’ appellate court considered Watson’s violation-accrual arguments and found that, indeed, each collection of biometric data can potentially be a violation of BIPA.

(This decision could stand or fall based on how the state supreme decides Cothron. But knowing about Watson will be important for any biometric-privacy plaintiff and defendant in Illinois.)

Quoting the court, Nixon Peabody wrote that “the plain language of the statute establishes that it applies to each and every capture and use of plaintiff’s fingerprint or hand scan.”

While the court dismissed the fact that multiple violations could possibly cripple a company, it pointed out what no doubt was obvious to Legacy Healthcare’s legal team.

Under the law, damages are discretionary and not mandatory. Defendants can argue they did not violate BIPA, and if they lose, they can at least try to convince a judge that the remedy would not match the crime — misusing or not protecting a person’s biometric data adequately.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Privacy, free speech, children’s online safety collide in age assurance legal wars

By this point, the amount of collective hand wringing over children’s online safety and related age assurance legislation could surely…

 

St. Kitts and Nevis chooses Cybernetica as strategic adviser for digital ID system

St. Kitts and Nevis has chosen Cybernetica as strategic adviser as it implements a national digital identity system. Cybernetica is…

 

UK needs unified regulation for facial recognition: Biometrics Institute

The UK needs a clearer and consistent framework for governing facial recognition in public spaces as missteps in deploying the…

 

Cambodia: IDPoor Programme alleviates poverty as system continues digitization

The United Nations Development Programme has provided additional ICT equipment for Cambodia’s IDPoor Programme. The equipment includes 546 tablets, software…

 

Growth of digital wallet use shaking up payment regulations and benefits delivery

Digital wallets are transforming online, offline and cross-border payments around the world, prompting calls for regulatory change in Australis and…

 

Sardine nets $70M in Series C funding for automated fraud prevention platform

Sardine, a startup that employs machine learning for fraud prevention, compliance and credit underwriting, has announced a $70 million Series…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events