February 21, 2019 - Litigation, Privacy + Data Security

A Complete About-Face: Courts Disagree on Harm Requirement Under Biometric Privacy Law

A recent decision indicates that failure to comply with the Illinois biometric privacy law may expose businesses to significant liability, even where there has been no actual harm to the plaintiffs.

Can a user of a cloud-based photo-sharing and storage service sue the provider of that service for extracting and retaining, without consent, the user's facial scans from uploaded photos—even without any subsequent breach or sale of that data? How about an individual who is required to scan a fingerprint in order to use a season pass at an amusement park, also without any subsequent disclosure? In recent weeks, courts have given conflicting answers to these and similar questions under the Illinois Biometric Information Privacy Act (BIPA)—the United States' toughest biometric privacy law.

Read our client alert.