Privacy Litigation

2025 Year-In-Review: Biometric Privacy Litigation

By Kristin Bryan, James Brennan, Gerald Sharpe & Nicholas Sweeney on December 11, 2025

Posted in Arbitration, Artificial Intelligence, Biometric information, Biometric Information Privacy Act (BIPA), Biometric Privacy Act, BIPA, Class Action, General, Litigation, New Jersey, New York, Privacy Litigation, Privacy Litigation, Texas, US

One of the most significantly litigated areas of privacy law is biometric privacy. Tools that collect biometric information and biometric identifiers—including facial geometries, fingerprint scans, and voiceprints—are increasingly common for businesses across industries. Unfortunately, such tools in recent years have become focuses of the plaintiffs’ bar.

2025 saw continued developments in litigation under Illinois’ Biometric Information Privacy Act (BIPA), one of the first and most important biometric privacy laws in the country, as well as other, lesser-litigated biometric laws. Squire Patton Boggs’ globally ranked “Elite” Data Disputes team is well experienced defending businesses and their data practices, including in the realm of biometric privacy, in both litigation and arbitration, including mass arbitration. See also https://www. privacyworld.blog/2025/12/2025-mass-arbitration-year-in-review/

In this article, informed by our practical experience litigating and arbitrating biometric cases, we: (I) provide a brief primer on BIPA and then take a look at some highlights of the 2025 biometric privacy litigation space, including (II) class action and mass arbitration activity under BIPA, (III) key questions regarding defenses to BIPA claims on appeal at the Seventh Circuit, (IV) a decision contrasting BIPA with New York City’s biometric regime, (V) developments under other biometric laws enforced by attorneys general, and (VI) the intersection of AI and biometric privacy laws.Continue Reading 2025 Year-In-Review: Biometric Privacy Litigation

Privacy World Week in Review

By Kristin Bryan on March 25, 2024

Posted in Artificial Intelligence, Artificial Intelligence Risk Management Framework (AI RMF), Asia, Asia Pacific, Biden, California, Compliance, Cybersecurity, Cybersecurity, Data Breach, Data Privacy, Data Privacy, Digital Assets, EU, EU, GDPR, GDPR, General, Japan, Japan, Litigation, Privacy, Privacy Litigation, Privacy Litigation, Singapore, Singapore, Spain, US, US, Whistleblower

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Never Beyond the Law – the Spanish AEPD’s Position on the Processing of Whistleblower Data | Privacy World

Singapore to…

Privacy World Week in Review

By Kristin Bryan on March 18, 2024

Posted in Artificial Intelligence, Artificial Intelligence Risk Management Framework (AI RMF), California Privacy Rights Act, Compliance, Data Breach, Data Breach, GDPR, GDPR, General, General Data Protection Regulation (GDPR), Japan, Japan, Litigation, Privacy Litigation, Privacy Shield, US

Biden Budget Proposal Advances AI Priorities | Privacy World

US Regulators Lift the Curtain on Data Practices With Assessment, Reporting…

Privacy World Week in Review

By Kristin Bryan on March 11, 2024

Posted in Artificial Intelligence, Asia, Asia Pacific, Biometric information, California Age-Appropriate Design Code Act (“CAADCA”), California Age-Appropriate Design Code Act (AADC), California Attorney General, California Children’s Data Privacy Act, California Privacy Protection Agency, California Privacy Rights Act, California Privacy Rights Act (CPRA), CCPA, CCPA, CCRA, Children's Privacy, Compliance, Connecticut, Consumer Protection, Cybersecurity, Cybersecurity, Data Breach, Data Breach, Data Privacy, Data Privacy, FCC, Federal Communications Commission, GDPR, General, General Data Protection Regulation (GDPR), Litigation, Privacy, Privacy Litigation, Privacy Litigation, Singapore, Singapore, Technology, US, US

In Narrow Vote California Moves Next Generation Privacy Regs Forward | Privacy World

EDPB Versus Ireland? Does the Opinion on…

BREAKING: Supreme Court Rules Federal Agencies Are Subject to Consumer Suits for Fair Credit Reporting Act Violations

By Kristin Bryan & James Brennan on February 8, 2024

Posted in Data Privacy, Data Privacy, FCRA, Litigation, Privacy, Privacy Litigation, Privacy Litigation, Supreme Court, US, US

Today, in a unanimous opinion, the Supreme Court of the United States ruled that agencies of the federal government can be sued by individual consumers for violations of the Fair Credit Reporting Act (“FCRA”), 15 U.S.C. § 1681, et seq. The decision is significant in that it paves the way for more FCRA…

2023 Privacy Compliance Year in Review

By Alan Friel & Kyle Fath on January 12, 2024

Posted in Arkansas Social Media Safety Act, California Age-Appropriate Design Code Act (“CAADCA”), Connecticut Data Privacy Act (CTDPA), Consumer Data Protection Act (CDPA), Data Privacy, EU-US Data Privacy Framework, HIPAA/Health, Privacy Litigation

2023 was an eventful year for privacy legislation, regulation and regulatory enforcement. The compliance landscape continues to develop and evolve rapidly, making it difficult for covered businesses to keep up with the myriad requirements. In this post, we discuss some of the year’s most interesting privacy compliance developments globally.Continue Reading 2023 Privacy Compliance Year in Review

Ninth Circuit Dismisses Case In Ruling With Broader Implications for Cases Involving The Alleged Unlawful Extraction, Retention, And Sharing of Consumer Data

By Kristin Bryan & James Brennan on December 7, 2023

Posted in California, California Privacy Rights Act, California Privacy Rights Act (CPRA), Class Action, Consumer Protection, Cybersecurity, Cybersecurity, Cybersecurity, Data Privacy, Data Privacy, General, Litigation, Privacy, Privacy Litigation, Privacy Litigation, US, US

In a decision last week, the Ninth Circuit Court of Appeals affirmed dismissal of a putative class action concerning allegations that Shopify violated various California privacy and unfair competition laws by purportedly concealing its involvement in online consumer transactions. Briskin v. Shopify, Inc., No. 22-15815, 2023 WL 8225346 (9th Cir. Nov. 28, 2023). In…

Privacy World Week in Review

By Kristin Bryan on August 7, 2023

Posted in Biometric, Biometric data, Biometric information, Biometric Privacy Act, BIPA, BIPA, Cybersecurity, Data Privacy, Data Privacy, EU, EU, France, France, General, Illinois, Privacy Litigation, Privacy Litigation, SEC, Singapore, Singapore, US, US, Whistleblower

The French CNIL’s New Guidance on Whistleblowing | Privacy World

SEC Adopts Final Cybersecurity Risk Management and Incident Disclosure Regulations…

Illinois Supreme Court Refuses to Reconsider Decision That BIPA Claims Accrue Individually with Each Violation

By Kristin Bryan & James Brennan on July 21, 2023

Posted in Biometric information, Biometric Information Privacy Act (BIPA), Class Action, Data Privacy, Illinois, Litigation, Privacy Litigation, US

Earlier this week, the Illinois Supreme Court denied a petition for rehearing of its decision in Cothron v. White Castle, a case which has tremendous implications on the effect of Illinois’s Biometric Information Privacy Act (“BIPA”). As previously covered here on PW, the Court’s decision in February concluded that that each separate incident which is a violation of BIPA constitutes a distinct and separately actionable violation of the statute. In other words, plaintiffs may seek to collect liquidated damages per violation—$1,000 per violation, $5,000 per intentional/reckless violation—instead of per plaintiff, even if a plaintiff alleges daily violations over the course of years. This week’s ruling leaves in place the Cothron decision and its exponential expansion of the scope of damages that may be sought by an individual plaintiff.Continue Reading Illinois Supreme Court Refuses to Reconsider Decision That BIPA Claims Accrue Individually with Each Violation