Judge dismisses biometric data privacy lawsuit citing revised state law
Send a link to a friend
 [November 19, 2024]
By Ben Szalinski
A clarification to Illinois’ biometric data privacy law made by state
lawmakers earlier this year limits the size of damages that can be
claimed in lawsuits over Biometric Information Privacy Act violations, a
federal judge ruled last week.
It’s an early indication that the courts are willing to apply a recent
amendment to the biometric privacy law – once viewed as the strongest in
the nation – to cases that are already in progress.
Northern District of Illinois Judge Elaine Bucklo threw out a lawsuit on
Nov. 13 filed by John Gregg, a former employee of Michigan-based
trucking company Central Transport LLC, alleging the company violated
Illinois’ BIPA statute.
The lawsuit sought at least $75,000 in damages for the company’s alleged
misuse of biometric data, but under the newly amended version of BIPA,
damages would only amount to about $15,000, Bucklo wrote. That would
make federal court the improper venue due to the lower dollar amount.
Bucklo wrote in her opinion that state lawmakers have clarified BIPA to
reduce the frequency at which violations of the law occur after other
companies have faced massive settlements for violations in recent years.
Gov. JB Pritzker signed a bill in August that clarified when a business
improperly obtains biometric information of an employee or customer, the
violation happens just one time, instead of each time the biometric data
is obtained. For example, if an employee signs into their job with a
fingerprint timeclock each day without giving their employer written
consent to collect their biometric data, the company would be in
violation of the law one time rather than each time the timeclock is
used.
A prior interpretation of the law by the courts caused many businesses
to pay out enormous settlements to employees or customers for violations
of Illinois’ law, which is the only of its kind in the country. The
Illinois Supreme Court invited the General Assembly to clarify the law
after a case against White Castle wound up with the fast food chain
potentially on the hook for $17 billion in damages, though it was
ultimately settled for $9.4 million. State law stipulates damages are
awarded for $1,000 for each “negligent” violation and $5,000 for each
“reckless” or “intentional” violation.
“Because in this context employees are often required to scan each
workday, sometimes multiple times per day, an important question arose:
do BIPA claims accrue each time there is a biometric scan and each time
that scan is transmitted to a third party, or do those claims only
accrue upon the first scan and transmission?” Bucklo wrote in her
opinion.
State lawmakers ultimately voted earlier this year to amend BIPA to show
they intend for violations to occur once per person rather than each
time data is obtained from a person.
[to top of second column]
|
The Dirksen Federal Courthouse in Chicago. (Capitol News Illinois
photo by Andrew Adams)
The new legal language “was adopted shortly after the Illinois Supreme
Court expressly invited the legislature to ‘make clear its intent
regarding the assessment of damages under the act,’” Bucklo wrote,
citing language in the White Castle decision. “That language underscores
that the question of BIPA damages was at least ambiguous; if it were
not, there would be no point in asking for legislative clarification.”
In Gregg’s case against Central Transport, which was filed in early
March, he argued that the White Castle case shows violations occurred
each time his fingerprints were scanned to sign in at work because
employees were not informed about how the company would be collecting
and storing his biometric data. Gregg sought more than $75,000 against
the out-of-state company, which allowed him to file the case in federal
court.
But in interpreting the new language of BIPA, Bucklo ruled damages in
the case would amount to a maximum of $15,000 and tossed the case out of
federal court for lack of jurisdiction. Though Gregg filed his case in
March before Pritzker signed the amendment in August, Bucklo wrote the
Illinois Supreme Court’s opinion in the White Castle case shows the law
can be applied to cases that are still pending in the court system.
“By inviting the legislature to ‘clarify’ the issue of damages, the
Illinois Supreme Court endorsed the view that the issue was unsettled
and that the legislature could permissibly settle it,” Bucklo wrote,
adding that it “must be applied as if it were clear from the date of
BIPA’s enactment” in 2008.
The ruling is a “big win” for defendants in BIPA cases, Chicago attorney
Danielle Kays of Fisher & Phillips LLP told Capitol News Illinois. Kays
represents companies who face BIPA challenges.
“We haven’t seen this trend of single plaintiffs filing and seeking
damages on behalf of one individual any longer,” Kays said on how the
amendment to BIPA has changed the nature of BIPA cases.
Some business groups opposed the bill that clarified BIPA, arguing that
the bill didn’t go far enough to apply the law retroactively among other
concerns. Kays said lawsuits haven’t showed how people are actually
harmed by BIPA violations, such as having their information exposed in a
data breach.
“This does chip away at plaintiffs who are seeking increased demands on
behalf of either each class member or individuals in the wake of recent
Illinois Supreme Court decisions,” Kays said.
Capitol News Illinois is
a nonprofit, nonpartisan news service that distributes state government
coverage to hundreds of news outlets statewide. It is funded primarily
by the Illinois Press Foundation and the Robert R. McCormick Foundation. |
