Why Business is Concerned About the Biometric Information Law
NOTE: This story was originally posted for subscribers only. To receive subscriber-only newsletters and content, click here.
A recent Illinois Supreme Court ruling exposed gaping holes in the 2008 Biometric Information Privacy Act (BIPA). The ruling essentially said fast food company White Castle violated state law by requiring employees to clock in and clock out using a fingerprint scanner. The real issue? It could make the company liable for billions in a class action lawsuit.
BIPA was passed in 2008 to protect the biometric data of individuals, but with the inception of fingerprint scanners on everything from cell phones to office time clocks, it has left business liable without literally gaining an employees permission every single time they enter biometric data.
The issue was really catapulted into the mainstream after a 2015 lawsuit and 2020 settlement of case against Facebook relating to facial recognition software it was using on photos. The flood gates opened after that, leading to major court rulings in Illinois, including the most recent White Castle case, that is estimated to have a potential liability of $17 billion.
In a news conference at the statehouse Thursday, business interests pressed for reform.
Mark Denzler, President & CEO of the Illinois Manufacturers’ Association
“This is not a new issue,” he said. “We can both protect privacy without destroying business through frivolous lawsuits. BIPA is constantly being misused to extort businesses for financial gain by class action attorneys who are cashing in by misusing the law with their own brand of jackpot justice.”
Business argues its more than just having permission to use a fingerprint to clock in or clock out. Often, safes in hospitals that dispense life saving medication or opioids require biometric keys to access.
“It poses risks to patients if a doctor or nurse is unable to provide treatments in a timely manner because they can’t access the medicine cabinet, or they have not provided a biometric consent,” said Illinois Hospital Association Senior Vice President and General Counsel Karen Harris.
We spoke Thurday with Brad Tietz, the Vice President for Government Relations of the Chicagoland Chamber of Commerce to get a little more in depth on the issue. He said one of the main issues with the law is that business can be sued even if an employee’s data was never compromised, just simply for what he calls “technical violations” of the law.
Tietz says one issue in the wording of the law prevents businesses from getting a broad-ranging consent to use biometric data on an employees first day, instead requiring paper consent every time a thumbprint or retina scan is used.
“That is something we are actively looking to include in a BIPA reform bill,” Tietz said.
Tietz said concerns over data restrictions has already caused companies to chose not to locate or expand in Illinois.
The Supreme Court did, effectively, ask the General Assembly to revisit the law.
Rep. Ann Williams (D-Chicago), who leads the topic for House Democrats, told Capitol News Illinois she isn’t jumping into negotiations.
“To react immediately by making a quick change in the law without saying how things play out seems a bit premature to me,” Williams told CNI.
Trial lawyers and the ACLU are pushing back on change to the law, we’re told, so we’ll see what Democrats are willing to do this spring.