BIPA still ripe for civil actions on biometrics as legal status of amendment awaits clarity

Litigation of Illinois’ Biometric Information Privacy Act (BIPA) is in a strange legal limbo. Having been milked through a flurry of class actions into an obviously mistreated cash cow, the 2008 law recently got an update care of the state’s Supreme Court aiming to stem the freeflow of litigation under the law’s private right to action.

A June 2023 ruling slapped a five year statute of limitations on the law. And in June 2024, an amendment was added to BIPA clarifying that its intent was for every individual to get a single amount of damages in any instance where their biometric information is collected – but not multiple damages if their biometrics are collected in the same way for the same person.

An article by Kara Thomson in Privacy Daily (paywalled) explores the fallout from that amendment, much of which centers on arguments over whether it should apply retroactively. The piece quotes Rachel Schaller, a privacy lawyer at BlankRome, who argues that “amendments which are not expressly retroactive, on their face, should be applied retroactively when they merely clarify legislative intent regarding the original enactment.”

Not everyone agrees. Courts in the federal district have ruled both ways on the matter; Schaller says “there’s a different path that this argument is developing on, depending on which jurisdiction the arguments are being raised.” Ultimately, she expects questions about the biometrics law to work their way through the appellate court system and likely to the Illinois Supreme Court, “since it is such an important issue and there is a lot of money at stake.

Madison Shepley, an attorney at Clark Hill, says the time it will take for that to happen means uncertainty for the foreseeable future, which will heavily impact the cases filed before the amendment that are still pending. “At this point, it’s an exposure assessment. It’s directly impacting cases that have already been filed, so not necessarily prospective, but looking back.”

“So what now, while everything’s pending? What do you say to clients or advise businesses who are currently hit and may be considering settlement?”

New suit against Google by stragglers from Cook County action

While privacy lawyers believe BIPA cases will dwindle with time, for now they continue to appear. An article from legal trade publication Law 360 says two Illinois residents have sued Google in state court, claiming their privacy was violated through Google Photos’ collection and retention of face templates.

Filed last month in Cook County Court by Madonna and Morgan Alvarez, the suit alleges that by scanning photos of users and nonusers that are uploaded to Google Photos and obtaining their biometric information without permission to create biometric templates, Google is in violation of BIPA.

Google has already faced seven suits in Cook County over the matter, resulting in a $100 million settlement in September 2022 that resolved claims of some 420,000 Illinois residents. The Alvarezes decided to pursue individual claims instead.

ByteDance wins some, loses some in CapCut BIPA case

Next up in the BIPA crosshairs is Bytedance, which owns video sharing platform TikTok. Law360 says an Illinois federal judge has permitted users of ByteDance’s CapCut video editing tool to pursue several claims of a proposed class action – although the action has been “trimmed,” with Judge Georgia N. Alexakis dismissing other claims.

The Beijing company, however, still faces claims that it violated BIPA and the California constitution in using CapCut to secretly collect and monetize users’ biometric data. Alexakis’ decision says that, “to summarize: Plaintiffs have sufficiently stated violations of their privacy rights under the California Constitution (Count VI); intrusion upon seclusion (Count VII), larceny (Count XI), and conversion (Count XII) under California law; and BIPA (Count XIV).”

Article Topics

biometric identifiers  |  Biometric Information Privacy Act (BIPA)  |  biometrics  |  ByteDance  |  face biometrics  |  Google  |  Google Photos  |  lawsuits  |  TikTok