The Illinois Biometric Information Privacy Act (BIPA) is supposed to make sure businesses correctly collect and store biometric identifiers, like facial recognition and fingerprints. Instead, plaintiffs’ lawyers have taken advantage of the law to file hundreds of lawsuits against businesses of all sizes.
Two recent Illinois Supreme Court rulings will make it even easier for plaintiffs’ lawyers to file more lawsuits seeking higher damages awards. At the same time, businesses that can’t afford to spend time and money fighting those lawsuits or are unwilling to face the threat of a “damages award that would result in the financial destruction of a business” will be forced to settle for hundreds of thousands or even millions of dollars.
In early February, the court ruled in Tims v. Black Horse Carriers that plaintiffs have five years to file a BIPA lawsuit rather than only one year. An article in Law360 explained the ruling means “that [it] could be years before the BIPA gold rush peters out for the class action plaintiffs’ bar.”
The second troublesome decision from the court, Cothron v. White Castle Systems Inc., was whether White Castle should be penalized every time it allegedly collected a fingerprint scan of thousands of employees without consent or only once per employee. The divided court held that a new violation occurs with each instance of improper collection or transmission of biometric data. White Castle estimates it now faces $17 billion in damages.
The court had little sympathy for that eye-popping amount. As reported in The Wall Street Journal, it ruled that “any policy concerns about ‘potentially excessive damage awards’ should be addressed by the state legislature.” The majority did so despite recognizing that “the consequences [of its decision] may be harsh, unjust, absurd, or unwise.”
What does this mean for the future of BIPA litigation? More lawsuits and higher damages awards. According to a defense attorney quoted in the article, “the floodgates have been opened.” He predicts there will be a massive wave of class action litigation, and plaintiffs’ lawyers will demand higher settlements.
As the U.S. Chamber of Commerce and the Illinois Chamber warned in a joint amicus brief in the White Castle case, this type of ruling would lead to damages awards that “ruin, rather than deter” companies.
BIPA is highly complex; one small, technical mistake can result in a business facing thousands of dollars in damages—per violation. The law doesn’t even allow businesses the chance to correct any mistake, no matter how small, before they face a lawsuit. And the problem is only getting worse: A 2021 ILR research paper, A Bad Match: Illinois and the Biometric Information Privacy Act, found that BIPA-related lawsuits skyrocketed after the Illinois Supreme Court ruled in 2019 that plaintiffs only needed to claim a business violated the law and not show they suffered actual harm.
Plaintiffs’ lawyers who see BIPA lawsuits as an easy way to reap millions of dollars in fees are cheering these decisions. Unfortunately, while consumers and businesses want to live in the digital world, the Illinois Supreme Court is forcing them back into the analog past.
BIPA should be a lesson in what not to do—allow courts to open the floodgates, enabling the trial bar to bring a torrent of lawsuits upon businesses.