The Illinois Supreme Court recently held that all causes of action brought under the Illinois Biometric Information Privacy Act (BIPA) are subject to a five-year statute of limitations. The Court’s holding is the latest disappointment for Illinois companies defending BIPA actions and means the scourge of BIPA litigation will continue.
Illinois’ Biometric Information Privacy Act (BIPA) has spawned a tsunami of class actions against employers who utilize biometric timekeeping or security systems. Now, the Illinois Supreme Court in McDonald v. Symphony Bronzeville Park, LLC has eliminated a defense invoked by employers facing claims under BIPA: the exclusivity of workers’ compensation.
In January 2020, the Supreme Court decided it would not hear the issue of whether Facebook broke the law in Illinois when it instituted a photo-tagging feature that honed in on users’ faces and tagged them without their consent, and Facebook has now settled with the users for $550 million. The Illinois law is part of a patchwork of laws applicable to facial recognition technology (FRT).
McDermott’s Ashley Winton contributes to the second installment of a three-part article series on FRT. This article examines the applicable legal framework and regulatory guidance, including intellectual property rights, general privacy legislation, specific state biometric data laws and more.
Originally published on Cybersecurity Law Report, February 2020
The Illinois Biometric Information Privacy Act is having its moment. At least 32 class action lawsuits have been filed by Illinois residents in state court in the past two months challenging the collection, use and storage of biometric data by companies in the state. This may cause a reassessment of company strategies and development of new defenses in the use of advancing biometric technology.
Subscribe
