SPRINGFIELD, Ill. (NEXSTAR) – Illinois is one of only three states where people can sue companies for mishandling their biometric data.
A recent State Supreme Court ruling on the law is causing major concerns for businesses across the state.
A group of business leaders held a news conference in the capitol Thursday expressing their concerns about the Biometric Information Privacy Act.
The act, which requires companies to inform and get consent before storing user’s biometric data like fingerprints and retinal scans, was signed into law in 2008.
Business groups have said since the technology has changed and biometric data is routine for many industries including nursing and trucking, it’s time for the law to do the same.
“Illinois’ current BIPA law is outdated and flawed, resulting in thousands of lawsuits and billions of dollars in damages, even when there has been no harm to an individual,” Illinois Manufacturing Association CEO Mark Denzler said. “It’s time for lawmakers to put an end to this rampant abuse of the law and enact commonsense reforms that protect businesses while preserving privacy rights.”
Since the law has passed, more than 1,500 lawsuits have been filed. One of the most famous cases was a class-action lawsuit in 2020 where Facebook paid over half a billion dollars to Illinoisans for its facial recognition technology on the platform.
Several Illinois Supreme Court decisions have also strengthened BIPA. In 2019, the Supreme Court found in Rosenbach v. Six Flags that Illinois plaintiffs do not need to prove any damages if the company is found in violation of the law. Last month it ruled in Cothron v. White Castle damages should be paid out every time the law is violated, instead of just once. For example, if a business requires employees to scan a thumb print to clock in, if they don’t get proper consent, the business could be sued for up to $5,000 per scan, and not just per employee.
How the court ruled worries employers in several industries.
“These sorts of fines will quickly add up for long-term care facility operators, which require employees to clock-in using their thumbprint multiple times a day to meet state and federally mandated quality of care standards,” Matt Hartman, the executive director of the Illinois Health Care Association, said.
In Cothron v. White Castle, justices in the majority opinion wrote lawmakers should “make clear its intent regarding the assessment of damages.”
But some groups for the law, including the ACLU of Illinois, want the law to remain unchanged.
“Now that there are violations, their argument is that they can’t possibly comply with the law, so we should change it,” Ed Yohnka, spokesperson for ACLU-IL, said. “We work on criminal justice issues all the time. And I have to tell you that nobody ever says, ‘Well, no one’s following that criminal law, so we’ll just change it and make it easier for people to violate.'”
Bills amending the law been filed this session before the state Supreme Court decided on Cothron v. White Castle. New bills in response to the law are expected to come, including ones that would allow businesses to fix without penalty if there was no harm found, and limiting the statute of limitations for claims from five years to one year.
If there’s no change to the law, groups warn there may be commercial consequences.
“The ramifications of these decisions extend beyond the companies as the costs of these lawsuits will drive up costs of goods, services, and health care for everyone in Illinois and will lead to the destruction of thousands of jobs,” Phil Melin of the Citizens Against Lawsuit Abuse said.
