- FTC Scrutinizes Children’s Privacy Issues Involving Education Technology
- Utah Becomes the Fourth State to Enact a Comprehensive Privacy Law
- Courts Requiring General and Professional Liabilities Policies to Respond to Cyberattacks
- The US and EU Announce a New Trans-Atlantic Data Privacy Framework
- BIPA Claims Following the McDonald Decision
- NY Attorney General Offers Guidance on Dealing with Credential Stuffing
- “Silent Cyber” Continues to Make Noise in State Appellate Courts
- The FBI Warns M&A Participants on the Increasing Ransomware Threat
- FTC Updates Safeguards Rule for Non-Banking Financial Institutions
- The DOJ’s Civil Cyber-Fraud Initiative
Legal developments in data, privacy, cybersecurity, and other emerging technology issues
This is a follow-up to the June 23, 2021 Litigation Trends Analysis Alert, “How the IWCA Impacts BIPA Claims.” As noted there, the question before the Supreme Court of Illinois in McDonald was whether claims of injury under the Illinois Biometric Information Privacy Act (BIPA) fall under the scope of the Illinois Workers’ Compensation Act (IWCA). The Court ruled last month that the BIPA is not preempted by the IWCA.
The BIPA imposes restrictions on how companies collect, retain, disclose, and destroy biometric information. Under the BIPA, individuals have a private right of action and may sue to recover monetary damages. The IWCA is a remedial statute that allows an employee to recover from an employer for work-related injuries. The IWCA provides that the statutory remedies are the exclusive remedy, but one of the ways an employee can escape the exclusivity provision is if the employee establishes that the injury was “not compensable” under the IWCA.
In September 2020, the Illinois Appellate Court narrowed in on this exclusive remedy exception and found that a BIPA claim seeking statutory damages is not an injury compensable under the IWCA, and therefore BIPA claims are not barred by the IWCA. See McDonald v. Symphony Bronzeville Park LLC, 2020 IL App (1st) 192398, appeal allowed, 163 N.E.3d 746 (Ill. 2021). The Illinois Supreme Court granted leave to appeal this ruling, and issued a decision on February 3, 2022.
The Supreme Court of Illinois held that the IWCA does not preempt claims for damages under the BIPA, crushing a key defense that employers typically use to combat employee BIPA claims. McDonald v. Symphony Bronzeville Park, LLC, 2022 IL 126511. In so holding, the Court found that a BIPA injury is “not compensable” under the IWCA. This decision increases the likelihood of employer liability for statutory injuries under the BIPA. Employees asserting BIPA claims can recover, for each negligent violation, $1,000 in liquidated damages or their actual damages, whichever is greater, or for each reckless violation, $5,000 in liquidated damages or their actual damages, whichever is greater. 740 ILCS § 14/20.
BIPA noncompliance becomes more costly under this new regime. For some entities, including government agencies, BIPA does not apply. The scope of BIPA exclusions will become a hot trend in 2022 as companies face lawsuits and seek to avoid liability. Another trend that may trigger a new wave of BIPA litigation is the use of smart dashcams and vehicle cameras. See Arendt et al. v. Netradyne Inc., No. 2022-CH-00097 (Cook County, Illinois) (alleging that the camera device monitors the driver without consent); See also Hernandez v. Omnitracs, LLC, No. 1:22-cv-00109 (Northern District of Illinois) (alleging that the telematics hardware collects and scans a driver’s facial geometry to analyze driving behavior).
This new wave of BIPA claims and arguments related to the scope of BIPA exclusions are expected to continue this year. Honigman’s Data, Privacy and Cybersecurity team is continuing to monitor BIPA litigation developments and how those trends will impact our clients.