Tag: Biometric Information Privacy Act

Categories
Biometric Privacy Legal Landscape Case Law Developments Legislative Developments & Trends

Proposed Amendments to Colorado Privacy Act Rules + Landmark Ruling on Retroactive Application of BIPA Amendments

Colorado AG Releases Revisions to Draft Colorado Privacy Act Rules

The Colorado Attorney General’s Office released the second version of its proposed amendments to the Colorado Privacy Act rules. This round of revisions seeks to take into account concerns expressed through public input to the first draft of the amendments. The rules address two laws amending the Colorado Privacy Act that heightened protections for biometric data and children’s data that were signed into law in 2024. The amendments to the Colorado Privacy Act require businesses operating in Colorado to keep written policies on how they handle and dispose of biometric data and to provide consumers with notice of the collection of biometric information take effect July 1, 2025. The draft rules define the notice and consent requirements for biometric data, including notice and consent requirements for employees, contractors, and subcontractors. Amendments to the Colorado Privacy Act relating to children’s data take effect on October 1, 2025, and will require companies to use “reasonable care” to avoid harms to a consumer they know is under 18 and limit use and collection of minors’ data.


Blank Rome Secures Landmark Ruling on Retroactive Application of BIPA Amendments

A Blank Rome team representing DNJ Intermodal Services LLC prevailed in striking the complainant’s prayer for relief, which sought $1,000 or $5,000 for each of the thousands of times six plaintiffs allegedly had their hands scanned at work. Will County Judge Roger D. Rickmon found—perhaps the first among Illinois state judges—that a recent amendment to the Biometric Information Privacy Act (“BIPA” or “the Act”), which stipulates that a business collecting identical biometric data multiple times from the same person in violation of the law is liable for only a single violation, applies retroactively to claims that arose and were filed prior to August 2, 2024, the effective date of the Act. This landmark ruling shaves potential BIPA damages for most pending cases from astronomical damages of millions (or hundreds of millions) of dollars to $1,000 or $5,000 per person. The question of whether BIPA’s amendment applies retroactively is simmering in courts throughout the state of Illinois and is expected to eventually make its way up to Illinois’ Courts of Appeals and perhaps the Illinois Supreme Court. The Blank Rome team representing DNJ Intermodal Services LLC included Daniel SaeediRachel SchallerJeffrey N. Rosenthal, Amanda Noonan, and Gabrielle Ganze

To read more articles from the December 2024 edition of Blank Rome’s BR Privacy & Security Download, please visit our website.

Categories
Biometric Privacy Compliance Tips Biometric Privacy Legal Landscape Case Law Developments

Northern District of Illinois Weighs in on Employment-Related Examinations under Illinois’ GIPA

Gabrielle N. Ganze |

In an important privacy law development, United States District Court for the Northern District of Illinois, Judge Sharon Johnson Coleman, has issued two of the first federal decisions applying a substantive analysis to provisions of the Illinois Genetic Information Privacy Act, 410 ILCS 513/1 et seq. (“GIPA”) as it relates to employment-related examinations.

Continue reading “Northern District of Illinois Weighs in on Employment-Related Examinations under Illinois’ GIPA”
Categories
Biometric Privacy Legal Landscape Case Law Developments The Lighter Side of Biometrics

Monthly BIPA Filings: April 2024

Daniel R. Saeedi |

Biometric Information Privacy Act (“BIPA”) filings continue to occur in the Illinois courts. April saw 53 new BIPA complaints filed in Illinois, the vast majority of which were brought in Cook County. 

  • Facial geometry cases continue to rise, with eight explicit face scan cases being filed, and an additional twelve cases that hint at facial recognition technology. 
  • The transportation industry continues to be the sector seeing the most BIPA complaints filed against it (18), with the food, health, and beauty sectors also being hit with multiple BIPA claims.

Companies using any form of biometric technology in Illinois should be aware of this highly litigious environment and make sure that such use is in compliance with the law. This is especially true for businesses operating in the transportation, trucking, and logistics sectors, given the above trends.

Categories
Biometric Privacy Legal Landscape Case Law Developments

$228M Damages Award Vacated in First BIPA Trial

Karen H. Shin |

The U.S. District Court of the Northern District of Illinois vacated a $228 million damages award in Rogers v. BNSF Railway Co., the first case tried to a verdict under the Illinois Biometric Information Privacy Act (“BIPA”). In Rogers v. BNSF Railway Co., rail workers alleged that BNSF Railway Co. (“BNSF”) collected their biometric information without informed consent. The jury found that BNSF had recklessly or intentionally violated BIPA 45,600 times (one violation per class member). BIPA provides that intentional or reckless violations of BIPA may result in liquidated damages of $5,000 or actual damages, whichever is greater.

The prior award resulted from multiplying the number of BIPA violations by $5,000 to arrive at $228 million. While the court upheld the verdict that the company violated the BIPA, it held that damages were discretionary under BIPA (due to the term “may”) and ordered a new trial limited to the question of damages.

To read more articles from the August 2023 edition of Blank Rome’s BR Privacy & Security Download, please visit our website.

Categories
Biometric Privacy Legal Landscape Case Law Developments Class Action Litigation Defense Strategies

First Biometric Privacy Jury Trial Results in Massive $228 Million Dollar Verdict

Amanda M. Noonan |

A federal district court in the Northern District of Illinois conducted the first-ever jury trial in an Illinois Biometric Information Privacy Act (“BIPA”) case. On October 12, 2022, the jury returned a verdict for the plaintiff—and more than 45,000 class members—regarding defendant BNSF Railway’s (“BNSF”) reckless violations of BIPA. See Rogers v. BNSF Railway Co., No. 1:19-cv-03083 (N.D. Ill. Oct. 12, 2022). Plaintiffs’ claims centered on BNSF’s collection of fingerprints to verify their identities and allow access to BNSF’s facilities without obtaining their written consent, as required under BIPA Section 15(b).

After a five-day trial—and only an hour of deliberations—the jury found BNSF not only violated BIPA 46,500 times, but did so intentionally or recklessly under 735 ILCS 14/20(2). The jury’s finding on that issue quintupled plaintiff’s damages award to $5,000 per violation, as opposed to $1,000 per negligent violation. As a result, District Judge Matthew Kennelly entered a $228 million dollar damages award in plaintiffs’ favor following the verdict. BNSF has stated it intends to appeal.

The implications of the verdict loom large. On the plaintiff’s side, counsel will likely increase the already large-scale BIPA filings and push for higher settlement amounts, using the prospect of a successful jury trial as a bargaining chip. Given the stakes, BIPA defendants may be more inclined to seek early resolution once named in a BIPA class action to avoid a bet-the-company litigation at all costs.

Considering the verdict, early compliance efforts by companies implementing biometric technology are even more crucial to avoid BIPA litigation in the first instance. Significantly, companies using any technology that could arguably constitute biometrics—regardless of the sophistication—may be targeted by zealous plaintiff’s attorneys seeking to join the ever-increasing cascade of BIPA class action filings. Biometrics privacy counsel should thus be consulted to address compliance strategies to protect against the catastrophic risks of a BIPA verdict at the earliest possible opportunity.

Categories
Case Law Developments

Illinois Appellate Court Clarifies Applicable Limitations Period in BIPA Class Action Litigation

David J. Oberly |

On September 17, 2021, the Illinois Appellate Court First District delivered its much-anticipated decision in Tims v. Black Horse Carriers, Inc., 2021 IL App (1st) 200563 (1st Dist. Sep. 17, 2021), addressing the applicable statute of limitations for causes of action asserted under the Illinois Biometric Information Privacy Act (“BIPA”).

The court held that claims brought under Sections 15(a), (b), and (e)—pertaining to the law’s privacy policy/data destruction, notice/consent, and data security requirements—are subject to a five-year statute of limitations. Conversely, claims asserted under Sections 15(c) and (d)—relating to the law’s ban on profiting from biometric data and disclosure limitations—are subject to a one-year limitations period.

Importantly, in finding that BIPA’s two most commonly asserted provisions, Sections 15(a) and (b), are subject to the longer five-year limitations period, the opinion ensures that the tsunami of class action BIPA filings will continue to flood the courts for the foreseeable future.

Continue reading “Illinois Appellate Court Clarifies Applicable Limitations Period in BIPA Class Action Litigation”
Exit mobile version