What is the Biometric Information Privacy Act?

What is the Biometric Information Privacy Act?

Instagram Class Action Settlement

Photo Credit: Unsplash | Updated: July 19, 2023

All about the Biometric Information Privacy Act

Biometrics-based solutions that automatically identify and authenticate people are becoming increasingly popular. The Illinois Biometric Information Privacy Act (BIPA) has become one of the most restrictive biometric data privacy laws in the United States that aims to protect individual privacy and their unique biometrics.

Biometrics such as vein patterns, fingerprints, and voiceprints are only a few examples of the types of data kept on people by business and government organizations using smartphones, computers, chip readers, eye scanners, just to name a few.. Although these technologies are intended to improve security, businesses must carefully consider their adoption and application, especially in the workplace, in order to keep user information private.

What is the Biometric Information Privacy Act (BIPA)?

In October 2008, Illinois became the first state to approve the Biometric Information Privacy Act (BIPA). This Act prohibits the unauthorized collection, use, or storage of biometric data such as fingerprints, iris scans, or face prints. It is one of the most comprehensive biometric privacy legislation and gives a private right of action.

Biometric identifiers are collected and stored under BIPA. People must be given notice in writing of why their biometric data are being collected, as well as the data storage parameters. It also stipulates that individuals collecting this information must seek written consent from persons whose information is stored. The most common use of biometric data in the workplace is to operate a biometric time clock with a fingerprint scan.

BIPA applies to any company, regardless of location, that collects or uses biometric data of Illinois citizens. Individuals retain rights over their biometric data, and commercial companies are prohibited from collecting it unless they:

• Notify the person that information is being collected or documented.
• Inform the individual in writing of the particular reason for the data collection, storage, and use, as well as the duration of the usage.
• Get the person's written consent.

BIPA establishes rules for how businesses must handle biometric data collected from Illinois residents. Furthermore, the law prohibits any company from selling or profiting from its customers' biometric data.

A Brief History of How BIPA Started

On February 14, 2008, State Senator Terry Link introduced Senate Bill 2400, which became the Biometric Information Privacy Act. In response to the growing use of biometric technology and the sensitive nature of biometric identities and data, the Illinois state legislature approved the BIPA. On July 10, 2008, it was approved by then-Governor Rod Blagojevich after passing both houses of the Illinois General Assembly.

After the law's enactment in 2008, few lawsuits were filed under BIPA until 2016, when the first class-wide settlement was approved under the statute. Senator Link proposed and subsequently withdrew an amendment to the Act in 2016, limiting the Act's application to biometrics obtained in public places. BIPA cases began to trickle after that, eventually steadily increasingly from 2019.

In the 102nd Illinois General Assembly in 2021, 11 bills linked to BIPA were submitted. All the legislation was assigned to committees and was not heard until 2021. During the 2022 legislative session, this legislation could be reintroduced and evaluated.

Examples of BIPA Class Action Settlement

Judge James Donato of the United States District Court for the Northern District of Illinois labeled Facebook's $650 million class-action settlement for alleged Illinois Biometric Information Privacy Act violations. Edelson agreed to represent class members in a 2015 complaint alleging that Facebook's tag recommendations feature violates Illinois law by collecting and storing digital scans of their faces without their knowledge or consent. It's one of the largest privacy settlements in history, with every class member receiving around $397 checks in the mail in September 2022. More about the Facebook privacy class action can be found here.

Rosenbach v. Six Flags Entertainment Corp (January 2019) is a class action complaint filed on behalf of 1.1 million persons who say they were forced to reveal fingerprint data in order to use repeat-entry cards at Great America, a Six Flags amusement park in Gurnee, Illinois. According to the pass holders, Six Flags' alleged use, storage, collection, and transmission of their fingerprints violated BIPA. In addition, the corporation failed to comply with the law's requirements for fair notice, permission, and a stated policy. If final approval is granted, the settlement will be the second-largest BIPA class action to be resolved.

A $25 million class-action settlement was recently approved by a Cook County judge ending a sweeping class-action lawsuit accusing ADP, a human resources technology and services company. The corporation was accused of violating the Illinois Biometric Information Privacy Act by offering technology and assistance to companies that required employees to scan their fingerprints when entering the office. According to class counsel, more than 40,000 persons filed claims as part of the settlement. These individuals will get a prorated share of the settlement funds, estimated to be around $375 per person. In addition, the judge awarded $8.75 million in attorney's fees to class counsel or one-third of the total settlement sum.

How Do I Report BIPA Violations?

BIPA not only imposes numerous obligations on biometrics companies, but it also gives customers the right to sue if such obligations are not honored. Examine whether your company is collecting biometric information as required by Illinois law. Contact an expert attorney for a claim consultation and assistance if you suspect your current or past employer has violated the BIPA laws.

Can I Start a Class Action Based on BIPA?

Do you want to start a class action based on BIPA? Worry no more! The private right of action clause of BIPA allows persons or members of a team to sue businesses directly for infringement of their privacy rights. As a result, Illinois citizens should contact a biometric privacy attorney to submit a new claim or join a class action lawsuit without losing their potential recovery due to attorney fees and litigation costs.

In addition, each time biometric data is obtained and retained in violation of the BIPA, employees may have a new claim for damages.

If a claimant is compelled to scan their fingerprint and the information is taken and collected in violation of BIPA, they may be eligible for compensation ranging from $1,000 to $5,000. According to the Illinois Supreme Court, a claim under the BIPA does not have to be based on actual injury.

How Do I Find Class Action Settlements?

Find all the latest Class Action Settlements you can qualify for by getting notified of new lawsuits as soon as they are open to claims:

Submit Bipa Claim

Submit BIPA Claim: Claim Form Website