The Illinois legislature is proposing changes to the Biometric Information Privacy Act (“BIPA”) after the Illinois Supreme Court asked the General Assembly to clarify the law in its earlier White Castle ruling. The court in White Castle held that BIPA violations accrue with every unauthorized scan or transmission of a biometric identifier or biometric information. This could result in damages as high as $17 billion for White Castle. This astronomical figure, along with other high profile settlements, such as Facebook’s $650 million class-action settlement, have driven a push for BIPA reform. The court in White Castle deferred to the legislature, suggesting that the legislature “make clear its intent regarding the assessment of damages under” BIPA. These clarifications are now being proposed. 

  • Proposed Reforms: Senator Cunningham’s proposed Bill 2979 addresses the issue of violation accrual and proposes that the initial collection or transmission of biometric identifiers or biometric information constitute one violation rather than having each subsequent violation of the same identifier or information constitute a new violation. This could significantly decrease potential damages. For example, in White Castle, the proposed $17 billion damages amount would be reduced to somewhere between $10 and $50 million.
  • Reaction and Support: Business groups and legislators have previously disagreed on proposed changes to BIPA, including a previous proposal by Senator Cunningham which would have similarly placed a cap on accrual but would also increase damages for negligent violations. Other members of the Illinois legislature have expressed interest in changing BIPA. For example, State Representative Ann Williams backs proposed reforms, but has emphasized the importance of “keeping the basic premise of the law intact” and continuing to protect individual privacy.
  • Takeaway: It is likely we will see changes to BIPA, with legislators attempting to strike a balance between keeping in line with the spirit of the law in protecting privacy and addressing business concerns. The ongoing dialogue reflects the evolving challenges presented by new technology and the need for laws that provide the ability to navigate changing technological landscapes.