ILLINOIS, USA — A clarification to Illinois’ biometric data privacy law made by state lawmakers earlier this year limits the size of damages that can be claimed in lawsuits over Biometric Information Privacy Act violations, a federal judge ruled last week.
It’s an early indication that the courts are willing to apply a recent amendment to the biometric privacy law – once viewed as the strongest in the nation – to cases that are already in progress.
Northern District of Illinois Judge Elaine Bucklo threw out a lawsuit on Nov. 13 filed by John Gregg, a former employee of Michigan-based trucking company Central Transport LLC, alleging the company violated Illinois’ BIPA statute.
The lawsuit sought at least $75,000 in damages for the company’s alleged misuse of biometric data, but under the newly amended version of BIPA, damages would only amount to about $15,000, Bucklo wrote. That would make federal court the improper venue due to the lower dollar amount.
Bucklo wrote in her opinion that state lawmakers have clarified BIPA to reduce the frequency at which violations of the law occur after other companies have faced massive settlements for violations in recent years.
Gov. JB Pritzker signed a bill in August that clarified when a business improperly obtains biometric information of an employee or customer, the violation happens just one time, instead of each time the biometric data is obtained. For example, if an employee signs into their job with a fingerprint timeclock each day without giving their employer written consent to collect their biometric data, the company would be in violation of the law one time rather than each time the timeclock is used.
A prior interpretation of the law by the courts caused many businesses to pay out enormous settlements to employees or customers for violations of Illinois’ law, which is the only of its kind in the country. The Illinois Supreme Court invited the General Assembly to clarify the law after a case against White Castle wound up with the fast food chain potentially on the hook for $17 billion in damages, though it was ultimately settled for $9.4 million. State law stipulates damages are awarded for $1,000 for each “negligent” violation and $5,000 for each “reckless” or “intentional” violation.
“Because in this context employees are often required to scan each workday, sometimes multiple times per day, an important question arose: do BIPA claims accrue each time there is a biometric scan and each time that scan is transmitted to a third party, or do those claims only accrue upon the first scan and transmission?” Bucklo wrote in her opinion.
State lawmakers ultimately voted earlier this year to amend BIPA to show they intend for violations to occur once per person rather than each time data is obtained from a person.
The new legal language “was adopted shortly after the Illinois Supreme Court expressly invited the legislature to ‘make clear its intent regarding the assessment of damages under the act,’” Bucklo wrote, citing language in the White Castle decision. “That language underscores that the question of BIPA damages was at least ambiguous; if it were not, there would be no point in asking for legislative clarification.”
In Gregg’s case against Central Transport, which was filed in early March, he argued that the White Castle case shows violations occurred each time his fingerprints were scanned to sign in at work because employees were not informed about how the company would be collecting and storing his biometric data. Gregg sought more than $75,000 against the out-of-state company, which allowed him to file the case in federal court.
But in interpreting the new language of BIPA, Bucklo ruled damages in the case would amount to a maximum of $15,000 and tossed the case out of federal court for lack of jurisdiction. Though Gregg filed his case in March before Pritzker signed the amendment in August, Bucklo wrote the Illinois Supreme Court’s opinion in the White Castle case shows the law can be applied to cases that are still pending in the court system.
“By inviting the legislature to ‘clarify’ the issue of damages, the Illinois Supreme Court endorsed the view that the issue was unsettled and that the legislature could permissibly settle it,” Bucklo wrote, adding that it “must be applied as if it were clear from the date of BIPA’s enactment” in 2008.
The ruling is a “big win” for defendants in BIPA cases, Chicago attorney Danielle Kays of Fisher & Phillips LLP told Capitol News Illinois. Kays represents companies who face BIPA challenges.
“We haven’t seen this trend of single plaintiffs filing and seeking damages on behalf of one individual any longer,” Kays said on how the amendment to BIPA has changed the nature of BIPA cases.
Some business groups opposed the bill that clarified BIPA, arguing that the bill didn’t go far enough to apply the law retroactively among other concerns. Kays said lawsuits haven’t showed how people are actually harmed by BIPA violations, such as having their information exposed in a data breach.
“This does chip away at plaintiffs who are seeking increased demands on behalf of either each class member or individuals in the wake of recent Illinois Supreme Court decisions,” Kays said.
Capitol News Illinois is a nonprofit, nonpartisan news service that distributes state government coverage to hundreds of news outlets statewide. It is funded primarily by the Illinois Press Foundation and the Robert R. McCormick Foundation.
