The Illinois Supreme Court today resolved one of the most significant unsettled areas of law for claims arising under the Illinois Biometric Information Privacy Act (“BIPA”). In its decision in Cothron v. White Castle Sys., Inc., the Court confirmed that each separate violation of BIPA constitutes a distinct and separately actionable violation of the
Today, the Illinois Supreme Court resolved the hotly disputed question of whether a one-year or five-year statute of limitations period applies to claims brought under the Biometric Information Privacy Act (“BIPA”). In Tims v. Black Horse Carriers, Inc., the Court conclusively held that a five-year statute of limitations period applies to BIPA claims, expanding
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
Biometric privacy suits brought under the Illinois Biometric Information Privacy Act (“BIPA”) continue to remain one of the hottest areas of class action litigation today, which can be attributed primarily to the fact that high statutory damages awards can be recovered by large classes of employees, consumers, and similar groups of individuals for mere technical violations of the law. To further compliance matters, many BIPA decisions issued to date have skewed heavily in favor of plaintiffs, which has resulted in a significant expansion of potential litigation risk under the statute.
In Mora v. J&M Plating, Inc., No. 2-21-0692, 2022 IL App (2d) 210692 (Ill. App. Ct. 2d Dist. Nov. 30, 2022), the Illinois Second District Court of Appeals continued the trend of plaintiff-favorable BIPA decisions in 2022, holding that private entities run afoul of BIPA’s Section 15(a) data retention and destruction disclosure requirements where they fail to have in place a BIPA-compliant data retention/destruction disclosure at the time biometric data is initially possessed, and that subsequent disclosures cannot serve retroactively to remedy prior violations of this component of the law. Importantly, Mora underscores the need for companies to ensure they have satisfied all of the applicable requirements of BIPA prior to the time any biometric data is collected or possessed in order to mitigate the sizeable legal risks associated with legal non-compliance.
Welcome to the 2022 Q3 edition of the Artificial Intelligence & Biometric Privacy Report, your go-to source for keeping you in the know on all recent major artificial intelligence (“AI”) and biometric privacy developments that have taken place over the course of the last three months. We invite you to share this resource with your colleagues and visit Squire Patton Boggs’ Data Privacy, Cybersecurity & Digital Assets and Privacy & Data Breach Litigation homepages for more information about our capabilities and team.
Also, we are extremely pleased to announce that our own Kristin Bryan was named as a 2022 Law360 Cybersecurity & Privacy MVP. As Law360 notes, “[t]he attorneys chosen as Law360’s 2022 MVPs have distinguished themselves from their peers by securing hard-earned successes in high-stakes litigation, complex global matters and record-breaking deals.” You can read more about Kristin’s Law360 award here: Law360 MVP Awards Go to 188 Attorneys From 78 Firms.
Continue Reading 2022 Q3 Artificial Intelligence & Biometric Privacy Report
We have been covering the hiQ-LinkedIn data-scraping saga for several years now on CPW. (See previous posts here, here, here, and here).
After well-publicized litigation that made its way to the Supreme Court and back again, the United States District Court for the Northern District of California ruled[1] that the provisions of a website user agreement that prohibit anti-scraping and fake profiles are enforceable in a breach of contract claim. Businesses should take note and ensure that their own conduct enforces their terms and conditions in order to prevent violators from successfully claiming affirmative defenses. If a business knows of a violation, and wants to have enforceable terms, it should pursue remedying that violation.
In January 2019, the Illinois Supreme Court opened the floodgates to class action litigation pursued under the Illinois Biometric Information Privacy Act (“BIPA”) when the state’s highest court held in Rosenbach v. Six Flags Ent. Corp., 2019 IL 123186, 129 N.E.3d 1197 (Ill. 2019), that plaintiffs do not have to allege any actual injury or damages to pursue claims under the state’s biometric privacy statute; instead, mere technical violations of the law are sufficient. Today, the world of biometric privacy litigation experienced a development noteworthy enough to put it on equal footing with Rosenbach, with a jury finding in favor of a class of Illinois truck drivers in the first BIPA class action to be tried to verdict.
Continue Reading BREAKING: Plaintiff Prevails In First BIPA Class Action Jury Trial
This week, the Supreme Court decided to take up a pair of cases concerning complex issues regarding the previously broad immunity that has been awarded to media and tech companies under Section 230 of the Communications Decency Act. These are a must-watch going forward, as the statute historically facilitated freedom of speech and innovation on the internet.
Continue Reading Supreme Court to Hear Pair of Cases Concerning Immunity Under Section 230 of the Communications Decency Act
Earlier this month, a federal court in Illinois dismissed a BIPA fingerprint timekeeping class action that had been pending for over three years, finding that Plaintiff failed to adequately allege a claim under Section 15(b) of the Illinois Biometric Information Privacy Act. Stauffer v. Innovative Heights Fairview Heights, LLC, 2022 U.S. Dist. LEXIS 140010 (S.D. Ill. Aug. 5, 2022). This ruling was based on the Court’s primary conclusion that:
Nowhere in her complaint does Plaintiff allege that [Defendant] itself stored biometric information on its own computers or servers, or that [Defendant] used the biometric information for its own purposes. In fact, Plaintiff does not allege that [Defendant] actually accessed this information. Plaintiff” allegations are simply that [Defendant] could access the biometric information one day. But equally as plausible as [Defendant] accessing the information one day is that [Defendant] never accessed the information.
As reported earlier in CPW’s 2022 Q1 AI/Biometric Litigation Trends by Kristin Bryan, David Oberly and Christina Lamoureux, the majority of BIPA cases filed thus far in 2022 arise under the circumstances analogous to the Stauffer litigation in the timekeeping context. As such, the Court’s ruling in this case is anticipated to bear upon other pending and future filed cases.
In this instance, the Court rejected the Plaintiff’s allegations that the use of a uniform franchise agreement which (i) required franchisees adopt a common timekeeping system (“POS System”) that “collect[ed] employee fingerprints and information used to identify such employees based on their fingerprints” and (ii) and gave the Defendant “the right to have independent access to all information or data” on the POS System used by franchisees sufficient for purposes of a pleading a cognizable Section 15(b) BIPA claim.
Read on to learn more about the particular facts of this case and the Court’s analysis.
In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
FTC Emphasizes Commitment to Protection of Highly Sensitive Data
Federal and State Actions to Protect Robocall Invasion of Consumer