Transmission of biometric data and BIPA violation decisions


The United States Court of Appeals for the Seventh Circuit certified a question to the Supreme Court of Illinois regarding the accumulation of claims under the Illinois Biometric Information Privacy Act (BIPA). The question, posed by the court of Cothron vs. White Castle Systems, Inc., bed :

“Do the claims of Sections 15(b) and 15(d) accrue each time a private entity scans a person’s biometric identifier and each time a private entity transmits such a scan to a third party , respectively, or only during the first scan and the first transmission??

The case was brought by an employee of the White Castle burger chain, which requires fingerprint scans for employees to gain access to computer systems. The complainant accused sharing her fingerprints with a third-party provider of violating the law. Cothron vs. White Castle Sys., no. 20-3202, 2021 US App. LEXIS 37593 (7th Cir. Dec. 20, 2021).

An accumulation rule based on each collection, opponents of such a conclusion say, would result in potentially existential damages — particularly in the context of a class action — since BIPA provides for statutory damages of $1,000 or 5 $000 per violation. However, the parties disagree on whether BIPA’s damages are mandatory or discretionary. If the court determines that the first scan is the only scan that triggers the statute of limitations, opponents of this interpretation say anyone suing after five years would be out of luck, even if their private biometric data continued to be passed on. . more than five years after the first event.

Just five days before federal court certification of this matter, an Illinois appeals court ruled that, yes, claims under Sections 15(a) and (b) accrue with each capture. and use of a complainant’s biometric information. Watson v. Legacy Healthcare Financial Services, LLC, et al., 2021 IL App (1st) 210279 No. 1-21-0279, Notice filed December 15, 2021.

This is an important matter to watch.

Illinois was the first to implement such legislation, which several states have since followed. Should he rule in favor of an “all scans” interpretation, defendants could find themselves at the mercy of devastating damage multipliers. Of course, the Illinois Supreme Court could determine that damages are at the discretion of a court and not mandatory under the law. Or it could decide that each scan or transmission restarts the statute of limitations clock, but a plaintiff can collect damages only once for a series of transmissions of the same data, in the same way as Defamation damages are not based on each publication of the same defamatory material. Another possibility is that the court may determine that the countdown begins when a plaintiff first becomes aware of an alleged infringement, which has precedent in litigation involving latent diseases caused by products, where individuals may not know they have been injured until they develop a characteristic disease. , that is to say, one tied to a specific product.

The decision in this case is particularly interesting because the COVID-19 pandemic has led to the rapid adoption of remote access tools that can collect biometric data for learning, court appearances and security arrangements. working from home, and a corresponding increase in BIPA lawsuits.


Comments are closed.