Another big win for BIPA plaintiffs: Each biometric scan is actionable
Every biometric scan performed in Illinois by a private entity counts as a separate illegal act if it does not comply with the U.S. state’s landmark privacy law, according to the Illinois Supreme Court.
Cothron v. White Castle is yet another far-reaching interpretation of the Biometric Information Privacy Act. While it will impact any business scanning biometrics (and insuring them), it will hit hardest businesses that installed scanners on which employees clock in twice a day, every work day.
There is the second significant BIPA decision this month. The Illinois Supreme Court has found in Tims v. Black Horse Carriers that the act is subject to a single, five-year statute of limitations. The defendant has been arguing for one year.
This case (128004), which is about a legal concept known as claim accrual, alleges the fast-food merchant required plaintiff Latrina Cothron to punch in and out with her fingerprints. White Castle allegedly did not get express written permission to make those scans or disclose how the data would be managed until 2018, a decade after the law was enacted.
Cothron reportedly first scanned her prints at White Castle’s direction around 2004 and she filed her putative class action in 2008, the year BIPA was passed.
Oral arguments before the justices can be viewed here.
There is give on either side of this case. There is no reason for the plaintiff to pull back, not given the history of pro-privacy BIPA cases today.
But businessowners maintain that BIPA has the potential to ruin them, even absent anything that would typically be construed in court as “harm.”
Danielle Kays, senior counsel with the Seyfarth law firm, declined to say if she was surprised by the outcome.
“I would say I’m disappointed, but it is consistent with cases,” says Kays. She has defended companies against BIPA class actions since 2018.
Kays says the decisions have been “draconian,” given BIPA’s scope, which keeps expanding.
Asked if businesses should have known about the risk of biometric scans regulated by a law passed in 2008, she says, “The employees also knew they were scanning” their biometrics.