March 28, 2023

Volume XIII, Number 87


March 27, 2023

Subscribe to Latest Legal News and Analysis

A New York BIPA in the Making?

On January 6, 2021, a group of seventeen democrats and seven republicans introduced in the New York assembly a new bill, A.B. 27, the “Biometric Privacy Act.” The bill (available for download here) is very similar to the Illinois Biometric Information Privacy Act (“BIPA”) which has spawned much litigation, including many class actions lawsuits.  In summary, the bill proposes to regulate private entities’ use of “biometric identifiers” and “biometric information,” which are terms that are specifically defined in the bill by reference to the types of data that each term includes and excludes.

If enacted in its current form, the bill would become only the second biometric privacy act in the United States to provide a private right of action and plaintiffs’ attorneys’ fees for successful litigants.

The new bill, which has been characterized as a “carbon copy” of BIPA, provides for a private right of action by any person aggrieved by a violation.

A prevailing party may recover for each violation:

  • against a private entity that negligently violates a provision of the law, liquidated damages of $1,000 or actual damages, whichever is greater;

  • against a private entity that intentionally or recklessly violates a provision of the law, liquidated damages of $5,000 or actual damages, whichever is greater.

In addition, the prevailing party may recover reasonable attorneys’ fees and costs, including expert witness fees and other litigation expenses; and may obtain other relief, including an injunction, as the court may deem appropriate.

It remains to be seen if this new biometric privacy bill will pass as drafted. According to a recent article by Law 360, New York lawmakers have unsuccessfully proposed biometric privacy bills three times previously since early 2018.

A.B. 27 is currently heading to the standing committee on consumer affairs and protection for consideration.

We will keep you posted on further developments.

© Copyright 2023 Squire Patton Boggs (US) LLPNational Law Review, Volume XI, Number 28

About this Author

Lydia de la Torre Data Privacy & Cybersecurity Attorney Squire Patton Boggs Palo Alto, CA
Of Counsel

Lydia de la Torre provides strategic privacy compliance advice related to US and EU privacy, including data protection and cybersecurity law, General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), other state’s privacy and cyber laws, US financial privacy laws, and marketing and advertising compliance, as well as information security. She also represents clients in investigations with an eye toward helping them avoid litigation.

Lydia’s work in-house and with organizations has run the gamut, from pre-IPO start-ups to mature Fortune 500 companies, in a...