BIPA

One of the most significantly litigated areas of privacy law is biometric privacy. Tools that collect biometric information and biometric identifiers—including facial geometries, fingerprint scans, and voiceprints—are increasingly common for businesses across industries. Unfortunately, such tools in recent years have become focuses of the plaintiffs’ bar.

2025 saw continued developments in litigation under Illinois’ Biometric Information Privacy Act (BIPA), one of the first and most important biometric privacy laws in the country, as well as other, lesser-litigated biometric laws. Squire Patton Boggs’ globally ranked “Elite” Data Disputes team is well experienced defending businesses and their data practices, including in the realm of biometric privacy, in both litigation and arbitration, including mass arbitration. See also https://www. privacyworld.blog/2025/12/2025-mass-arbitration-year-in-review/

In this article, informed by our practical experience litigating and arbitrating biometric cases, we: (I) provide a brief primer on BIPA and then take a look at some highlights of the 2025 biometric privacy litigation space, including (II) class action and mass arbitration activity under BIPA, (III) key questions regarding defenses to BIPA claims on appeal at the Seventh Circuit, (IV) a decision contrasting BIPA with New York City’s biometric regime, (V) developments under other biometric laws enforced by attorneys general, and (VI) the intersection of AI and biometric privacy laws.Continue Reading 2025 Year-In-Review: Biometric Privacy Litigation

Mass arbitrations—where a plaintiffs’ firm brings dozens, hundreds, or thousands of identical claims against a business—is a mechanism increasingly relied upon by the plaintiffs’ bar in the past few years.  This is because mass arbitrations enable a plaintiffs’ firm to create settlement pressure by leveraging unavoidable arbitration fees borne by a business regardless of the merits of the claims filed.  Further powered by litigation funding, plaintiffs’ firms have used the mass arbitration device to bring vexatious claims and escape review of the merits or any downside risk.Continue Reading 2025 Mass Arbitration Year in Review

On November 30, 2023, the Illinois Supreme Court unanimously held that an exclusion in the Illinois Biometric Information Privacy Act applies to healthcare workers where their biometric information is collected, used, or stored in the course of providing medical services.  The holding is a significant victory for healthcare institutions and clarifies that the applicable exemption

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

The French CNIL’s New Guidance on Whistleblowing | Privacy World

SEC Adopts Final Cybersecurity Risk Management and Incident Disclosure Regulations

On May 18, 2023, the Federal Trade Commission (“FTC”) unanimously adopted its Policy Statement on Biometric Information and Section 5 of the Federal Trade Commission Act (“Policy Statement”), addressing the increasing use of consumers’ biometric information and the marketing of technologies that use or claim to use it—regarding which the FTC raises significant concerns. In the areas of privacy, data security, and the potential for bias and discrimination. In addition, the Policy Statement also provides a detailed discussion of the established legal requirements applicable to the use of biometrics, particularly those relating to Section 5 of the FTC Act, and lists examples of the practices the agency will scrutinize in determining whether companies’ use of biometric technologies run afoul of Section 5.
Continue Reading FTC’s New Policy Statement on Biometric Information Provides Clear Warning to Companies on Increased Scrutiny of Facial Recognition & Related Biometrics Practices

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

NIST Not Voluntary in the Volunteer State: Tennessee Privacy Law Requires Comprehensive Written Privacy Program that Conforms to a Voluntary

One of the most notable trends in Illinois Biometric Information Privacy Act (“BIPA”) class action litigation is the marked increase in the number of class actions targeting third-party biometric technology vendors, such as identity authentication systems and employee timekeeping devices. Importantly, because these vendors do not maintain any direct relationship with the end users of

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

To Benefit from Insurance Coverage in France Businesses Must File a Complaint Within 72 Hours of a Cyberattack | Privacy

Several months ago, you may have seen social media filled with artistic renditions of your connections as paintings, cartoons, or other artistic styles. These renditions came from Lensa, an app by which users upload “selfies” or other photos, which the app processes to generate artistic images of the user. Lensa, which is owned by Prisma

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

SPB’s David Oberly Analyzes the Wide Scope of Third-Party Vendor BIPA Class Action Liability Exposure in Biometric Update | Privacy