The Illinois Biometric Information Privacy Act Remains Firm as Attempt at Reform was Halted
The Illinois House of Representatives failed to read Illinois House Bill 559 (“HB 559”) by the April 23, 2021 “third reading” deadline, effectively terminating a bill that had the potential to limit the nation’s most significant biometric privacy law, the Illinois Biometric Information Privacy Act (“BIPA”). HB 559 was historic in that it was the first proposed BIPA amendment to pass in the Judiciary-Civil Committee and return to the House floor, where it passed second reading and was slated to be read for a third time last week, and voted upon by the House. When the bill was not given a third reading in the House session last week, it failed and will be labeled “sine die,” meaning that the earliest chance for BIPA reform is 2022. Even so, for a BIPA amendment to advance this far in the legislative process shows that support for BIPA reform is growing, and we will likely see similar bills come down the pipeline in the coming years.
HB 559 was the first proposed BIPA amendment that had bipartisan backing, and supporters had been optimistic that HB 559 was going to be successful. Had HB 559 been read last week, the House would have voted on HB 559. If the House voted in favor of HB 559, it would have subsequently gone to the Senate for a vote, and ultimately the Illinois Governor would have signed the bill into law or exercised his veto power to terminate it.
Proponents for BIPA reform emphasize that costly settlements from BIPA violations grossly outweigh the debatable harm resulting from technical violations of BIPA, which generally provide that a private entity must obtain written consent and disclose their retention policies prior to taking or obtaining an individual’s biometric information (i.e., fingerprints, faceprints, and more). While BIPA originated in 2008 in response to concerns over privacy risks in financial transactions, the majority of BIPA lawsuits filed to date have been in the employment context. HB 559 proposed changes to temper the recent flood of BIPA litigation, emphasizing compliance and good practices in dealing with biometric information. As it currently stands, BIPA is the only biometric privacy law in the nation that provides a private right of action and allows a plaintiff to recover $1,000 for each negligent violation of BIPA and $5,000 for each reckless violation of BIPA, or actual damages, whichever is greater. As such, BIPA has allowed for colossal, debilitating settlements in suits for technical violations of BIPA.
BIPA was enacted to address the concerns that if biometric data is regularly utilized, there must be heightened privacy measures to protect these identifiers that, once compromised, cannot be changed like a social security number or bank account. With the increase in biometric technology, privacy has never been more of a concern. Amazon just announced they are starting to test payment by palm scans at Seattle Whole Foods locations. Every day, online exam proctoring software scan test takers’ facial geometry. Use of biometric information is expanding at an exponential rate, and the technology is nearing commonplace. With Illinois as a pioneer in biometric privacy protections, all eyes are on BIPA and efforts to reform it.