Today, in a unanimous opinion, the Supreme Court of the United States ruled that agencies of the federal government can be sued by individual consumers for violations of the Fair Credit Reporting Act (“FCRA”), 15 U.S.C. § 1681, et seq. The decision is significant in that it paves the way for more FCRA
Supreme Court
Win for Healthcare Institutions: Illinois High Court Rules Healthcare Employees’ Biometrics Exempt from BIPA Requirements
On November 30, 2023, the Illinois Supreme Court unanimously held that an exclusion in the Illinois Biometric Information Privacy Act applies to healthcare workers where their biometric information is collected, used, or stored in the course of providing medical services. The holding is a significant victory for healthcare institutions and clarifies that the applicable exemption…
BREAKING: Illinois Supreme Court Determines BIPA Claims Accrue Individually With Each Violation
The Illinois Supreme Court today resolved one of the most significant unsettled areas of law for claims arising under the Illinois Biometric Information Privacy Act (“BIPA”). In its decision in Cothron v. White Castle Sys., Inc., the Court confirmed that each separate violation of BIPA constitutes a distinct and separately actionable violation of the…
BREAKING: Illinois Supreme Court Sets Five-Year Statute of Limitations for All BIPA Claims
Today, the Illinois Supreme Court resolved the hotly disputed question of whether a one-year or five-year statute of limitations period applies to claims brought under the Biometric Information Privacy Act (“BIPA”). In Tims v. Black Horse Carriers, Inc., the Court conclusively held that a five-year statute of limitations period applies to BIPA claims, expanding …
Privacy World Week in Review
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
Illinois Appellate Court Issues Key, Plaintiff-Favorable Opinion On BIPA Data Retention Disclosure Requirements
Biometric privacy suits brought under the Illinois Biometric Information Privacy Act (“BIPA”) continue to remain one of the hottest areas of class action litigation today, which can be attributed primarily to the fact that high statutory damages awards can be recovered by large classes of employees, consumers, and similar groups of individuals for mere technical violations of the law. To further compliance matters, many BIPA decisions issued to date have skewed heavily in favor of plaintiffs, which has resulted in a significant expansion of potential litigation risk under the statute.
In Mora v. J&M Plating, Inc., No. 2-21-0692, 2022 IL App (2d) 210692 (Ill. App. Ct. 2d Dist. Nov. 30, 2022), the Illinois Second District Court of Appeals continued the trend of plaintiff-favorable BIPA decisions in 2022, holding that private entities run afoul of BIPA’s Section 15(a) data retention and destruction disclosure requirements where they fail to have in place a BIPA-compliant data retention/destruction disclosure at the time biometric data is initially possessed, and that subsequent disclosures cannot serve retroactively to remedy prior violations of this component of the law. Importantly, Mora underscores the need for companies to ensure they have satisfied all of the applicable requirements of BIPA prior to the time any biometric data is collected or possessed in order to mitigate the sizeable legal risks associated with legal non-compliance. Continue Reading Illinois Appellate Court Issues Key, Plaintiff-Favorable Opinion On BIPA Data Retention Disclosure Requirements
2022 Q3 Artificial Intelligence & Biometric Privacy Report
Welcome to the 2022 Q3 edition of the Artificial Intelligence & Biometric Privacy Report, your go-to source for keeping you in the know on all recent major artificial intelligence (“AI”) and biometric privacy developments that have taken place over the course of the last three months. We invite you to share this resource with your colleagues and visit Squire Patton Boggs’ Data Privacy, Cybersecurity & Digital Assets and Privacy & Data Breach Litigation homepages for more information about our capabilities and team.
Also, we are extremely pleased to announce that our own Kristin Bryan was named as a 2022 Law360 Cybersecurity & Privacy MVP. As Law360 notes, “[t]he attorneys chosen as Law360’s 2022 MVPs have distinguished themselves from their peers by securing hard-earned successes in high-stakes litigation, complex global matters and record-breaking deals.” You can read more about Kristin’s Law360 award here: Law360 MVP Awards Go to 188 Attorneys From 78 Firms.Continue Reading 2022 Q3 Artificial Intelligence & Biometric Privacy Report
Federal Court Rules in Favor of LinkedIn’s Breach of Contract Claim after Six Years of CFAA Data Scraping Litigation
We have been covering the hiQ-LinkedIn data-scraping saga for several years now on CPW. (See previous posts here, here, here, and here).
After well-publicized litigation that made its way to the Supreme Court and back again, the United States District Court for the Northern District of California ruled[1] that the provisions of a website user agreement that prohibit anti-scraping and fake profiles are enforceable in a breach of contract claim. Businesses should take note and ensure that their own conduct enforces their terms and conditions in order to prevent violators from successfully claiming affirmative defenses. If a business knows of a violation, and wants to have enforceable terms, it should pursue remedying that violation.Continue Reading Federal Court Rules in Favor of LinkedIn’s Breach of Contract Claim after Six Years of CFAA Data Scraping Litigation
BREAKING: Plaintiff Prevails In First BIPA Class Action Jury Trial
In January 2019, the Illinois Supreme Court opened the floodgates to class action litigation pursued under the Illinois Biometric Information Privacy Act (“BIPA”) when the state’s highest court held in Rosenbach v. Six Flags Ent. Corp., 2019 IL 123186, 129 N.E.3d 1197 (Ill. 2019), that plaintiffs do not have to allege any actual injury or damages to pursue claims under the state’s biometric privacy statute; instead, mere technical violations of the law are sufficient. Today, the world of biometric privacy litigation experienced a development noteworthy enough to put it on equal footing with Rosenbach, with a jury finding in favor of a class of Illinois truck drivers in the first BIPA class action to be tried to verdict.
Continue Reading BREAKING: Plaintiff Prevails In First BIPA Class Action Jury Trial
Supreme Court to Hear Pair of Cases Concerning Immunity Under Section 230 of the Communications Decency Act
This week, the Supreme Court decided to take up a pair of cases concerning complex issues regarding the previously broad immunity that has been awarded to media and tech companies under Section 230 of the Communications Decency Act. These are a must-watch going forward, as the statute historically facilitated freedom of speech and innovation on the internet.
Continue Reading Supreme Court to Hear Pair of Cases Concerning Immunity Under Section 230 of the Communications Decency Act