If you heard a collective sigh of relief last week, it was probably businesses reacting as Illinois Governor Pritzker finally signed Senate Bill 2979, officially reforming BIPA for the first time since 2008. As a reminder, SB 2979 was passed back in May, but has been awaiting the Governor’s signature.
This development is significant for two reasons. First, the new law prohibits the recovery of “per-scan” damages. This means that if a business collects or discloses an individual’s biometric data without consent, then that business is only liable for one BIPA violation as to that individual. In 2023, the Illinois Supreme Court’s decision in Cothron v. White Castle Systems decided that violations were accrued on a “per-scan” basis, leading to an outpouring of claims. This law effectively overrules that decision. Second, the bill permits businesses to fulfill the “written release” requirement for consent via “electronic signature.” This will make it easier for businesses to collect – and individuals to provide – consent for the collection and retention of biometric information.
Putting it into Practice: These amendments became effective on August 2, 2024. Businesses that anticipated costly litigation from a “per-scan” BIPA demand may have cause for relief. However, the prohibition on “per-scan” damages may not apply retroactively to pending BIPA actions. Additionally, businesses can reconfigure their consent flows to enable electronic signatures.
Listen to this post here
by: David M. Poell , Kathryn Smith of Sheppard, Mullin, Richter & Hampton LLP
For more news on the Illinois Biometric Information Privacy Act (BIPA), visit the NLR Consumer Protection section.