FB pixel

Historic penalty decision in BIPA case shows the need to take biometric privacy seriously

Historic penalty decision in BIPA case shows the need to take biometric privacy seriously
 

Biometrics in one U.S. jurisdiction is now officially a live electrical wire dancing on the ground, ready to shock the unwary, and there appears to be no shortage of unwary companies in the state of Illinois.

The Illinois Supreme Court last week declined to revisit a previous decision that a company can be held liable for every biometric scan it conducts on anyone without their consent or without advising the subject how the data collected will be managed.

The state’s Biometric Information Privacy Act, passed in 2008, mandates that businesses wanting to use the biometrics of Illinois residents take special care of the data, which is a person’s only irreplaceable identifiers.

Companies globally profit from the identifiers without consent or compensation. And biometrics have been stolen, causing unmeasurable damage to individuals who are victimized. The courts have not been kind to some of these businesses.

The latest decision (No. 128004), in Cothron v. White Castle System could, as the defendant has warned, force a business out of business under the weight of the collective penalties. A judge had previously sided with the plaintiffs, but that decision was appealed to the state supreme court.

White Castle can appeal the decision no further because the United States Supreme Court doesn’t weigh in on state constitutional issues. There is some momentum behind an effort to defang BIPA with new legislation, but it is not clear how it would impact White Castle and other companies that have run afoul of the law.

The justices in the minority excoriated the majority, according to reporting by legal trade publication The National Law Review. There is no evidence that legislators approving BIPA wanted to create existential punishment for companies found guilty of violating the law.

Cothron v. White Castle bears on another significant BIPA case – Rogers v. BNSF Railway — that seemingly was already decided.

The judge last fall awarded $228 million in a class action. A truck driver sued the rail firm for taking his biometrics every time he drove onto the company’s property.

The plaintiffs say that the White Castle award means they should get more compensation because their award was figured per driver, not per scan.

The defendant had previously said it wants the penalty reduced because it was treated as being mandated and not discretionary.

As noted, there appear to be no shortage of unwary companies in Illinois when it comes to BIPA, and an analysis of privacy developments points to health care companies that have using Meta Platform’s Pixel software feature to collect information from people traversing their sites.

Whether Pixel is a new avenue for BIPA plaintiffs is not clear, but in reporting on people who claim their medical data was collected and shared, an article in the legal trade journal Law360 again makes the case – perhaps unwittingly — that some personal information, once out of a person’s control is forever available for others’ use.

Article Topics

 |   |   |   | 

Latest Biometrics News

 

Australia piloting myGov app and Trust Exchange for sharing medical data

The Australian government has launched a pilot of its myGov public services app and Services Australia’s Trust Exchange (TEx) proof-of-concept…

 

Sierra Leone consults to amend civil registration legislation

The National Civil Registration Authority of Sierra Leone (NCRA) is reviewing its current civil registration law to identify gaps that…

 

iProov biometrics and liveness detection to secure workforce IDs on Microsoft Entra

Enterprise workers using Microsoft Entra ID can now use iProov biometrics and liveness detection to log into company systems through…

 

Malaysia’s prime minister loses it with MyDigital ID’s slow progress

Malaysia’s leader has voiced deep frustration with the slow progress in two key national digital initiatives. This week it was…

 

IDVerse acquired by LexisNexis to boost biometric fraud protection

LexisNexis Risk Solutions has struck a deal to acquire IDVerse adding biometric fraud protection to its portfolio of analytics and…

 

Intellicheck to provide identity validation for Accio Data

Intellicheck, Inc. has announced an integration with Accio Data to streamline background screening checks for job applicants. A release from…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events