On August 2, the Governor of Illinois signed an amendment to the Biometric Information Privacy Act (BIPA), primarily revising Sections 10 and 20 of BIPA. The amendment took effect on the same day. This article introduces the key contents of the amendment.
Determination of the Number of Violations
The focus of this amendment is on the determination of the number of violations, which will reduce the damages in BIPA class action lawsuits. Specifically, if a private entity repeatedly uses the same collection method in violation of the Act to collect, capture, purchase, receive through trade, or otherwise obtain the same biometric identifier or biometric information from the same person, or if it discloses, rediscloses, or otherwise disseminates the same person’s same biometric identifier or biometric information to the same recipient in violation of the Act, the entity will be considered to have committed only one violation, and the victim can only receive compensation once under this provision. This applies regardless of how many times the private entity discloses, rediscloses, or otherwise disseminates the same person’s same biometric identifier or biometric information to the same recipient. Here, a private entity refers to any individual, partnership, corporation, limited liability company, association, or other organization, excluding state or local government agencies or any court, clerk, or judge of Illinois.
Before the amendment, a plaintiff could claim that each violation of BIPA by using biometric technology constituted a separate violation. For example, if a company required employees to use fingerprint or facial recognition time clocks without first obtaining consent that complies with BIPA, employees could receive compensation for each time they clocked in. After the amendment, employees can claim compensation only once under the same circumstances when suing a company. This amendment directly responds to the Illinois Supreme Court’s decision in Cothron v. White Castle Systems. That ruling found that each unauthorized collection, storage, and/or use of biometric information without proper consent constituted a separate “single scan” for compensation. However, under the new provisions of the amendment, multiple collections of biometric data from the same person will be considered a single violation and limited to one compensation, significantly reducing the potential BIPA damages that companies may face.
Electronic Signature
The amendment introduces the concept of "electronic signature" and designates it as one of the methods for obtaining written consent. An electronic signature refers to a sound, symbol, or process recorded electronically that is used or adopted by the signer for the purpose of signing. By allowing "electronic signatures" as a method for obtaining written consent under BIPA, the amendment provides businesses with greater flexibility in drafting their BIPA compliance documents. However, even before the amendment, many companies were already using electronic forms to obtain consent under the Electronic Commerce Security Act (ECSA). This revision formally confirms this practice within the BIPA framework.
Kaamel will continue to monitor the latest developments in the Act, committed to providing you with the latest information and updates on privacy protection. Please stay tuned to our updates as we bring you more related information on privacy protection. Stay tuned!
