(The Center Square) – Illinois lawmakers are looking at ways to change their state’s biometric privacy law after complaints from businesses and hundreds of lawsuits.
Members of the Senate Judiciary’s subcommittee on privacy met Monday to hear arguments on Senate Bill 300.
Sponsored by Sen. Jason Barickman, R-Bloomington, the bill would give an entity 30 days to correct a potential infraction of the Biometric Information Privacy Act before a person could file a lawsuit against them unless there was a breach of the information. It would also give legal protection to companies that store biometric information in the form of algorithms. If accessed by a hacker, those groups of numbers would be meaningless, said Clark Kaericher, vice president of government affairs at the Illinois Chamber of Commerce.
“You can take a fingerprint scan and store it as a sequence of meaningless numbers,” he said. “We should encourage companies to do that.”
Supporters of the current BIPA statute said it represents meaningful consumer protections and shouldn’t be diluted so businesses can skirt them.
“BIPA has been working exactly as intended since the day it was passed,” said Sapna Khatri, counsel for ACLU of Illinois. “The law does not ban the use of biometric technology. It was never meant to cripple businesses and it has not killed innovation.”
Some technologies are deactivated in Illinois in an effort to stay out of an Illinois courtroom. Nest’s security camera technology, for instance, disables a facial recognition feature that allows the user to “recognize” a face, allowing a door to automatically unlock. It disables the feature when connecting to an IP address located in Illinois.
Enacted in 2008, Illinois’ Biometric Information Privacy Act bans the attainment of a person’s unique bodily information and storing it without the person’s consent. Unlike other similar laws, BIPA is the only one that allows for a private lawsuit rather than action from a state’s attorney general. The punishments are $1,000 or $5,000 per instance of breach.
The most recent high-profile BIPA settlement saw social media giant Facebook paying out $650 million to nearly $1.6 million users. The lawsuit accused the California-based company of storing the facial data from users in order to suggest tagging the user in other pictures.
The law laid mostly dormant until a 2019 Illinois Supreme Court ruling against Six Flags Great America stated that a plaintiff may file a lawsuit under BIPA without proving they were monetarily harmed. Since then, the number of lawsuits claiming breaches of the law had increased significantly.
“There have been more than 1,000 BIPA actions filed in federal court since mid-2017,” said Melissa Siebert, an attorney at Shook, Hardy, and Bacon that specializes in defending BIPA lawsuits. “In the last six months alone, there have been 239 new BIPA class-actions filed.”
She said the majority of the cases involve Illinois employers.