The use of biometric data has become pervasive, commonplace, and socially acceptable. In most jurisdictions, few legal hurdles exist to implementing biometric technology, but Illinois has passed the strongest biometric privacy law in the United States—the Illinois Biometric Information Privacy Act (“BIPA”). In adopting BIPA, the Illinois legislature recognized unforeseeable uses and abuses of biometric data and understood that biometric data must be fiercely protected because unlike other personal information, biometric data cannot be changed when compromised. Most importantly, BIPA includes a private right of action.
Although BIPA has existed for over a decade, its significance increases as the use of biometric technology spreads. Today, biometric technologies are booming; they are becoming more accessible, cost-efficient, and effective. This exciting time for technological advancement coincides with heightened legal risk. In 2018, the Illinois Supreme Court held in Rosenbach v. Six Flags Entertainment Corp., et. al. that technical and procedural violations of BIPA are sufficient to establish statutory standing to sue, regardless of actual harm. This ruling, which essentially allows no-injury class actions, has emboldened plaintiffs (and the plaintiffs’ bar) to file more BIPA lawsuits than ever before. Accordingly, the number of class action complaints will rapidly increase in the coming years.
Biometric technology may sound somewhat futuristic, but it is gaining traction in many applications. Several examples of biometric technology being implemented include
Hahn Loeser’s Biometric Privacy Practice Group provides three primary areas of service to its clients.