() – The Illinois legislature has approved changes to the state’s strict Biometric Information Privacy Act (BIPA), but some say they didn’t go far enough.
Currently, a company that violates BIPA’s protections is subject to damages for each instance of the collection of an individual’s biometric data without a person’s consent.
The highest profile case was against White Castle and its use of fingerprint time clocks. The Illinois Supreme Court ruled that the company could be liable for $17 billion in damages. A federal judge preliminarily approved a $9.4 million settlement in the case.
Other companies that were slapped with lawsuits included Facebook, which settled for $650 million over its facial tagging feature, and Google, which settled a case involving a feature with Google Photos for $100 million.
The amendment to Senate Bill 2979 approved in the General Assembly switches a BIPA violation from a per-scan to a per-person penalty. Another change would allow companies to obtain consent electronically, and no longer require them to get written consent for the collection of biometric data.
State Rep. Abdelnasser Rashid, D-Bridgeview, said Illinoisans biometric data will still be protected.
“But it adds much needed clarity that helps small businesses operate in a more predictable regulatory environment,” said Rashid. “I know that many small business owners will be relieved to see this measure pass.”
Following months of urging lawmakers to fix the flawed bill and protect small businesses from annihilative lawsuits, the Technology and Manufacturing Association (TMA) is now calling on Gov. J.B. Pritzker to sign the bill into law.
“Many of the small and midsize manufacturers who have been impacted by BIPA are second and third generation manufacturers who don’t have the legal department and have been subject to annihilative lawsuits that made many get to a point where they had to consider closing their doors, but this new law fixes that from continuing to happen,” said TMA lobbyist David Curtin.
Some House Republicans said the bill doesn’t go far enough and should apply retroactively to help some of the businesses that have been hit with massive fines. State Rep. Dan Ugaste, R-Geneva, said he wants his biometric data protected as much as the next person.
“But I also don’t believe a company should be penalized when no actual harm has been done and they’ve taken steps to remedy things and we’re allowing the lawsuits because of a simple mistake,” said Ugaste.