Court ruling on biometric data gives US citizens the right to sue tech companies

Tuesday 5 February 2019 13:03 CET | News

The Illinois Supreme Court has passed down the right of private individuals to sue companies like Google and Facebook if those companies collect their biometric data without their written consent.

The ruling in the case of Rosenbach v. Six Flags Entertainment involves an interpretation of the controversial Illinois biometric data law, which is formally known as the Biometric Information Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”). In this case, the mother of a 14-year-old minor sued the Six Flags theme park for improperly collecting the fingerprints of her son in order to issue a season pass for the park.

This right is enabled even if there was no “harm” to the individuals. Simply by violating the personal privacy of an individual, a corporation can cause harm – and there is no need to prove that any other malicious event has occurred.

The Illinois biometric data law was introduced back in 2008 and states that all businesses in the state of Illinois must follow very strict rules whenever they are collecting, storing and sharing biometric data of customers and clients. As a result, companies must obtain written consent, must have in place policies for the retention and destruction of biometric data, and must have secure safeguards in place to protect that biometric data.

Legislation such as BIPA (and similar biometric laws that have been passed in Washington State and Texas) provides a way for US citizens to claim damages any time they have been “aggrieved” or “harmed” by biometric technology. That is because the Illinois law specifically grants a “private right of action” (i.e. the right to sue a company) to citizens, enabling them to claim damages of up to USD 1,000 if their biometric identifiers (such as fingerprints or facial scans) are used in any way that causes harm to them.

As a result, this important court ruling on biometric data could set the new standard nationwide. So far only three US states – Illinois, Washington and Texas – have laws on the books related to biometric data. However, a handful of other states – Michigan, New Hampshire, Alaska and Montana – have pending legislation related to biometric data, according to CPO Magazine. Based on this ruling, they might also be willing to give a private right of action to their own citizens, thereby holding tech companies to the same rigorous standard as Illinois.


Keywords: data, data privacy, online security, biometrics, biometric data, consent, facial recognition, fingerprints, US
Countries: World

