Recent judicial interpretations of the Illinois Biometric Information Privacy Act (“BIPA”), 740 ILCS 14, present potential litigation risks for retailers who employ biometric-capture technology, such as facial recognition, retina scan or fingerprint software. Federal judges in various district courts have allowed BIPA cases to move forward against companies such as Facebook, Google and Shutterfly, and retailers who use biometric data for security, loss prevention or marketing purposes may also become litigation targets as federal judges decline to narrow the statute’s applicability and additional states consider passing copycat statutes.
Biometric Privacy Laws on the Books
Currently, Illinois (BIPA), Texas (the Texas Statute on the Capture or Use of Biometric Identifier, Tex. Bus. & Com. Code Ann. § 503.001) and Washington (H.B. 1493, 2017 Sess. (Wash. 2017)) are the only states that have statutes addressing the collection of biometric information by private businesses. Retailers face significant financial exposure for cases brought as class actions under BIPA—the statute permits statutory damages of $1,000 for negligent violations and $5,000 for reckless or intentional violations. The Texas and Washington statutes expose retailers to potential civil penalties through attorney general enforcement actions. Because BIPA is the only one of these laws to provide a private cause of action, it has attracted the most litigation.
Recent Court Decisions
Most recently, on September...
