Since the Seventh Circuit’s seminal decision clarifying federal standing requirements for biometrics lawsuits earlier this year, federal cases brought under the Illinois Biometric Information Privacy Act (BIPA) increased. To avoid this trend, social media and technology companies collecting and using biometrics would be wise to review their BIPA compliance practices, especially how they obtain informed, written consent under Section 15(b).
Enacted in 2008, the Illinois legislature sought to protect biometric identifiers, such as face geometry and voiceprints, from identity theft and other harms. Two recent cases then made bringing these suits easier.
First, in 2019, the Illinois Supreme Court in Rosenbach v. Six Flags Entertainment Corp. held that a plaintiff can be considered an “aggrieved person” under the statute and “be entitled to liquidated damages and injunctive relief” without alleging an actual injury. Then, in May 2020, the U.S. Court of Appeals for the Seventh Circuit in Bryant v. Compass Group USA, Inc. clarified that such a person has suffered an injury-in-fact sufficient to support standing under BIPA Section 15(b). The federal complaints, typically class actions seeking liquidated damages, followed.
According to Bloomberg Law Dockets, only about 10 federal complaints in 2018 alleged a BIPA claim. In 2019, that more than doubled to 28. This year has already seen at least 58 BIPA complaints, nearly half of which are complaints against Tik Tok Inc. and ByteDance Inc. for their collection of face templates and voiceprints, allegedly without consent.
Given this trend, technology companies using biometrics should review their informed consent practices. Doing so may help avoid involvement in the the growing number of BIPA class actions filed in (or removed to) federal court.
If you’re reading this on the Bloomberg Terminal, please run BLAW OUT <GO> in order to access the hyperlinked content.