The Illinois Senate recently passed a very important change to the state’s Biometric Information Privacy Act (BIPA) in response to a call from the state Supreme Court to clarify the law.
The court’s decision came after high-profile cases, including one involving White Castle. Under BIPA, the company faced potential penalties of up to $17 billion for using employee fingerprints without proper consent.
Illinois Senate advances changes to biometric privacy law (Credits: Biometric Update)
Senate Bill 2979, passed with bipartisan support, modifies how violations under BIPA are calculated. Instead of each scan constituting a violation, each initial collection of biometric data will now count as one violation. This change addresses concerns about excessive penalties and the frequency of breaches due to the routine use of biometric data in various tasks.
Illinois is the only state allowing residents to sue over improper biometric data collection, whether as employees or customers. Businesses can violate BIPA by not obtaining written consent, lacking storage policies, or failing to protect collected data.
The push for changes to BIPA intensified due to thousands of lawsuits filed since 2018, resulting in substantial settlements like Facebook’s $650 million payout to Illinois residents.
Recent court rulings, including a five-year statute of limitations and defining each data collection instance as a separate violation, spurred calls for legislative clarity.
Illinois Biometric Information Privacy Act (Credits: TermsFeed)
While some business groups support the amendments to BIPA, others argue for more comprehensive changes, especially regarding retroactive application and liability exemptions for data centers.
Despite these debates, the bill’s passage in the Senate signals progress toward addressing the legal complications surrounding biometric data privacy in Illinois.
