Lawsuit abuse watchdog urges Illinois to fix the state’s biometric privacy law

Send a link to a friend  Share

[October 20, 2023]  By Kevin Bessler | The Center Square

(The Center Square) – With the fall veto session approaching, a lawsuit abuse watchdog is urging Illinois lawmakers to use the time to fix the state's Biometric Information Privacy Act, or BIPA.

In February, the Illinois Supreme Court ruled in a case involving White Castle that a legal claim accrues each time a private entity scans a person’s biometric identifier without their consent. Each day, White Castle required its employees to scan their fingerprints to clock in and access their computers. To authorize each employee's access, a third-party vendor would verify each scan. In doing so, however, White Castle neglected to acquire their employees' consent, a violation under current BIPA law.

In its ruling, the court also acknowledged that the current law is a potential business killer and it is up to the Illinois General Assembly to "review these policy concerns about potentially excessive damage awards" and "make clear its intent."

White Castle filed a petition for rehearing, arguing that the high court incorrectly interpreted the law. In July, the court denied the petition for rehearing and upheld the standard that BIPA claims accrue upon each scan or transmission.

Phil Melin, executive director of Illinois Citizens Against Lawsuit Abuse, said lawmakers should put politics aside and do the right thing.

[to top of second column]

 

“What we think needs to happen is basically the Illinois legislature should follow the recommendations of the Illinois Supreme Court in their decision on the White Castle case and they should remove the per-instant requirement every time somebody checks in and out with their biometric information,” Melin told The Center Square.

Melin points to a story shared by a small McHenry County company being sued under BIPA.

“The owner told me his insurance coverage doesn’t cover BIPA exposure and that his business may have to agree to a massive settlement just to survive. He said the fingerprint information collected was always secure and never shared outside the firm, but he faces a $5,000 penalty for every instance one of his employees checked in and out of work," Melin said.

Illinois business, health care and technology groups have been outspoken in their opposition to the law, including proposed changes during the spring session of the General Assembly. One proposed change included a 50% increase in the minimum penalty businesses face for violating BIPA that could be awarded in future cases, but that measure stalled in committee.

Melin said if the law isn’t addressed during the fall veto session, Illinois businesses will suffer.

“I think we are just going to see a continued explosion of BIPA lawsuits, with the possibility of insurance companies being savvy to it and not covering it,” said Melin. “You’re going to see some real carnage out there.”

The fall veto session begins Tuesday, Oct. 24th.

Back to top