November 28, 2021

Volume XI, Number 332

Advertisement
Advertisement
Advertisement

Litigation Update on Illinois’ Biometric Information Privacy Act

Earlier this year, we reported on the potential breeding ground for litigation under Illinois’ Biometric Information Privacy Act (“BIPA”).  A recent decision from an Illinois state appellate panel on the different limitations periods that apply to BIPA provides guidance for companies faced with a BIPA lawsuit and the arguments they can make on a motion to dismiss.

In Tims et al. v. Black Horse Carriers, Inc., plaintiff Tims, defendant’s former employee, brought a class action lawsuit against Black Horse Carriers, Inc. under BIPA, alleging defendant violated sections 15(a), (b), and (d) of BIPA when it used fingerprint scanning in its employee timekeeping.  Black Horse Carriers moved to dismiss, arguing that the complaint was filed outside the one-year limitation period of section 13-201 of the Illinois Code of Civil Procedure, which applies a one-year limitation period for “[a]ctions for slander, libel or for publication of matter violating the right of privacy.”  Tims argued that the five-year limitation period in section 13-205 for “all civil actions not otherwise provided for” of the Code applies because section 13-201 only governs privacy claims with a publication element.

The trial court denied Black Horse Carriers’ motion to dismiss, holding section 13-205 applied to an alleged BIPA violation.  While the trial court denied defendant’s motion for reconsideration of its motion to dismiss, the court certified the following question on appeal: does the limitation period in section 13-201 or section 13-205 apply to claims under BIPA?

The appellate panel held that “section 13-201 applies to public disclosure of private facts, appropriation of the name or likeness of another, and false-light publicity.”  Accordingly, section 13-201 does not encompass all privacy actions, but rather only those where publication is an element or inherent part of the action.  Turning to BIPA, the panel held that a party could “violate section 15(a) by failing to develop a written policy establishing a retention schedule and destruction guidelines, section 15(b) by collecting or obtaining biometric data without written notice and release, or section 15(e) by not taking reasonable care in storing, transmitting, and protecting biometric data.”  However, a plaintiff could bring an action under any of these sections without alleging or proving that the defendant “published or disclosed any biometric data to any person or entity beyond or outside itself.”

Conversely, “publication or disclosure of biometric data is clearly an element of an action under section 15(d) of the Act, which is violated by disclosing or otherwise disseminating such data absent specified prerequisites such as consent or a court order.”  Similarly, section 15(c)’s prohibition on “sell[ing], leas[ing], trad[ing], or otherwise profit[ing] from” biometric data includes the “publication, conveyance, or dissemination of such data.”

Accordingly, the panel held that section 13-201 governs actions under sections 15(c) and (d) of BIPA – claims based on unlawful profiting or disclosure.  Section 13-205, on the other hand, governs actions under sections 15(a), (b), and (e) of BIPA – retention policy, informed consent, and safeguarding claims.

The panel concluded that each subsection of BIPA imposes “separate and distinct” duties and a plaintiff can potentially “collect multiple recoveries of liquidated damages.”  Given that the panel’s ruling was limited to the certified question; however, it is unclear the weight other courts will give to the panel’s statement on recovery.  Companies should keep an eye out for the Seventh Circuit’s decision in Cothron v. White Castle, No. 20-3202, which will decide whether each scan of an employee’s biometric information is a separate violation of BIPA sections 15(b) and (d), and thus when a BIPA claim accrues for purposes of applying the limitations periods determined in Tims.

© 2021 Proskauer Rose LLP. National Law Review, Volume XI, Number 277
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Brooke G. Gottlieb Litigation Proskauer
Associate

Brooke Gottlieb earned a J.D. from New York University School of Law, where she was a cyber security scholar and served as an executive editor of the Journal of Legislation and Public Policy. While attending law school, Brooke worked as a research assistant for Professor Arthur R. Miller on his Federal Practice and Procedure treatise and was an extern at the U.S. Attorney’s Office for the Southern District of New York. She also earned a B.A. from Barnard College.

212-969-3257
Advertisement
Advertisement
Advertisement