Busy start to the year for BIPA could get busier with genetics lawsuits

The U.S. state of Illinois’ biometrics privacy law makes winners and losers in equal measure and today’s no different. Here are three cases and a warning for some vendors.

First is Meta’s defense against a Biometric Information Privacy Act case. A California federal judge has left the social media company with a shred of hope for a dismissal.

According to coverage by legal trade publication Law360, the judge in Meta’s case has tentatively decided to deny most of grounds for dismissal that the company has requested. But she is having other thoughts about grounds pertaining to profiting and storage in the plaintiff’s case.

This is different than most BIPA cases in that it involves accusations that Meta has violated BIPA with how it used consumers’ voice data, rather than only a failure to gather informed consent.

The judge has given the plaintiffs in the proposed class action an opportunity to remake their complaint that Meta profited from holding the data and was careless in storing the data. Both would violate BIPA.

Natalie Delgado v. Meta Platforms Inc., case 3:23-cv-04181, is being heard in the U.S. District Court for the Northern District of California.

Next is not a case. It’s a wakeup call. If there are any company executives in Illinois dealing in genetic data that have thought they will be passed over by biometric privacy litigation, they are likely wrong.

Illinois’ Genetic Information Privacy Act could be every bit as disruptive and threatening to businesses potentially violating it.

Another article by Law360 makes the case that GIPA could be interpreted very broadly. Plaintiffs have said family health histories gathered by employers are covered as are medical tests that indicate that serious illness could be in a person’s future.

An attorney reportedly speaking to Law360 said her firm handled two GIPA cases in the 25 years up to 2022 and 60 in the months since.

Third, digital ID provider Yoti has won a dismissal in its BIPA putative class action (3:22-cv-03105).

The suit involved Yoti’s internet-based ID and age verification software collecting, using and storing consumer’s biometric identifiers, allegedly in violation of BIPA.

Yoti’s defense was that the plaintiff voluntarily used its age-estimation service after being informed of what the service required. And Yoti was, indeed, a service provider, not the company using the estimation algorithm.

Yoti also charged that BIPA is unconstitutional. Documentation laying out the dismissal was not available online on deadline.

Last, new BIPA litigation.

Financial industry ID verification company Plaid faces a proposed class action, according to the Cook County (Ill.) Record. The plaintiffs accuse Plaid in case 1:24-cv-01242 of scanning the faces of people registering to use a Plaid app in violation of BIPA.

The plaintiff reportedly created financial accounts with a number of online banks some years ago. Some of the banks contracted for Plaid’s ID verification service. The plaintiff alleges that Plain collected and kept her face scan with meeting the law’s requirements.

Article Topics

Biometric Information Privacy Act (BIPA)  |  biometrics  |  data privacy  |  genetics  |  Meta  |  Yoti