Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
The controversial changes provoked an immediate reaction from lawyers.
The state of Illinois, USA, has reduced penalties for violations of the strict Biometric Privacy Act (BIPA), which came into force back in 2008. This law prohibits companies operating in Illinois from collecting, using, storing, and transmitting biometric data, such as retinal, facial, fingerprint, and voice fingerprint scans, without proper notice and consent.
Previously, violators faced fines of $1,000 for each negligent violation and $5,000 for intentional or negligent violations. Fresh changes to the law, signed by Governor J. B. Pritzker in June, suggest that several cases of transferring data of one person will be considered one violation, for which there is also a single penalty from now on, and not for each sale separately.
Alan L. Friel, vice chairman of the data privacy and cybersecurity practice at law firm Squire Patton Boggs, criticized the changes. In his commentary for the National Law Review, he noted that the new system of fines will be unprofitable for plaintiffs ' lawyers, as it will significantly reduce potential losses and reduce the cost of settling claims.
However, the business community welcomes these changes. The Institute of Information Technology and Innovation (ITIF) believes that such easing is a positive step. ITIF Senior Policy Manager Ash Johnson noted that BIPA is an example of an overly strict privacy law. In her opinion, significant fines for minor violations and private lawsuits created multimillion-dollar settlements.
Johnson added that the new amendment makes the law a little better, but its very existence discourages businesses in Illinois from using biometric data. In her opinion, a federal data protection law is needed that would replace such laws as BIPA and protect all forms of personal data without hindering innovation.
One of the most famous cases on BIPA was a lawsuit against Meta for using the names of six million Illinois residents in photos posted on Facebook. Meta settled the case, paying $550 million, which, compared to the company's revenue of $13.5 billion for the last quarter, was a small amount.
However, not all BIPA lawsuits are successful. In July 2023, the court dismissed a lawsuit filed by an Illinois resident against McDonald's, claiming that their automated parking terminals violated BIPA.
Source
The state of Illinois, USA, has reduced penalties for violations of the strict Biometric Privacy Act (BIPA), which came into force back in 2008. This law prohibits companies operating in Illinois from collecting, using, storing, and transmitting biometric data, such as retinal, facial, fingerprint, and voice fingerprint scans, without proper notice and consent.
Previously, violators faced fines of $1,000 for each negligent violation and $5,000 for intentional or negligent violations. Fresh changes to the law, signed by Governor J. B. Pritzker in June, suggest that several cases of transferring data of one person will be considered one violation, for which there is also a single penalty from now on, and not for each sale separately.
Alan L. Friel, vice chairman of the data privacy and cybersecurity practice at law firm Squire Patton Boggs, criticized the changes. In his commentary for the National Law Review, he noted that the new system of fines will be unprofitable for plaintiffs ' lawyers, as it will significantly reduce potential losses and reduce the cost of settling claims.
However, the business community welcomes these changes. The Institute of Information Technology and Innovation (ITIF) believes that such easing is a positive step. ITIF Senior Policy Manager Ash Johnson noted that BIPA is an example of an overly strict privacy law. In her opinion, significant fines for minor violations and private lawsuits created multimillion-dollar settlements.
Johnson added that the new amendment makes the law a little better, but its very existence discourages businesses in Illinois from using biometric data. In her opinion, a federal data protection law is needed that would replace such laws as BIPA and protect all forms of personal data without hindering innovation.
One of the most famous cases on BIPA was a lawsuit against Meta for using the names of six million Illinois residents in photos posted on Facebook. Meta settled the case, paying $550 million, which, compared to the company's revenue of $13.5 billion for the last quarter, was a small amount.
However, not all BIPA lawsuits are successful. In July 2023, the court dismissed a lawsuit filed by an Illinois resident against McDonald's, claiming that their automated parking terminals violated BIPA.
Source
