Biometric data privacy defendants and plaintiffs hunt new legal tools to defang each other
At times it looks like it will be many more years before lawyers know how to use or respond to biometric privacy laws and court decisions.
The landmark Biometric Information Privacy Act passed in Illinois in 2008 and despite a number of very notable cases since then, attorneys involved in related cases can seem like rookie, hunt-and-peck typists: Scan, consider, choose, scan, consider….
To date, plaintiffs given a right of private action and claiming harm when their biometric identifiers are collected, stored and used have been largely successful. And defendants accused of misuse scrounge for the best of obscure defense options.
Most recently, defendant employers lost their argument that Illinois workers’ compensation law preempted BIPA remedies. Businesses were accused of demanding employee biometric identifiers including fingerprints, irises and faces in the workplace without following BIPA rules.
If these violations cause real harms, as has been successfully argued in prior court cases, then workers’ comp regulations, which are more favorable toward business owners than BIPA mandates, should take precedence. (Wrong.)
In an article this week in the Cook County (Illinois) Record, an attorney said lawyers are considering other avenues for defense, including an exclusion involving HIPAA, or the federal Health Insurance Portability and Accountability Act, and a possible labor law preemption.
Plaintiffs’ representatives are looking for new strategies, too.
A Law.com article this week makes the case that U.S. states can regulate biometric data practices via existing laws prohibiting deceptive trade practices. They could stand in for a privacy act of their own.
The state of Texas, in fact, is using this as part of a two-pronged strategy against Meta Platforms for Facebook’s biometric information collection practices, according to the same Law.com article. The same case could provide a template for Attorneys General in states where regulations do not include a right of private action.
Related Posts
Article Topics
biometric data | biometric identifiers | biometrics | BIPA | data collection | data protection | lawsuits | privacy | time and attendance
Comments