Hepler Broom, LLC

Four Appellate Decisions Could Alter the Current Landscape for Claims Under Illinois’ Biometric Information Privacy Act (BIPA)

May 4, 2021

by Charles N. Insler

illustration of various biometric information sourcesIllinois’ Biometric Information Privacy Act (BIPA) establishes safeguards and procedures relating to the retention, collection, disclosure, and destruction of biometric data. 740 ILCS 14/15. Passed in October 2008, BIPA is intended to protect a person’s unique biological traits – the data encompassed in a person’s fingerprint, voice print, retinal scan, or facial geometry. Id. But in the last few years, BIPA – with its statutory penalties of $1,000 for each negligent violation and $5,000 for each intentional or reckless violation – has quickly become the bane of corporate defendants. The situation became even worse after the Illinois Supreme Court’s Rosenbach decision. Rosenbach v. Six Flags Entm’t Corp., 2019 IL 123186. In Rosenbach, the Court held that a “violation [of the statute], in itself, is sufficient to support the individual’s or customer’s statutory cause of action.” Id. at ¶33 (emphasis added). In other words, a bare statutory violation confers standing on a BIPA plaintiff. See id.

The Supreme Court’s ruling has, predictably, spurred additional litigation asserting bare violations of the statute. Hundreds of lawsuits have now been filed following the January 2019 decision, with almost all of the lawsuits brought as class actions. The lack of standing had been a key argument for defendants facing BIPA lawsuits. With that argument now foreclosed, corporate defendants are pinning their hopes on four cases that are currently pending before state and federal appellate courts in Illinois.

Which Statute of Limitations Applies to BIPA?

BIPA itself does not include a statute of limitations. Stauffer v. Innovative Heights Fairview Heights, LLC, 480 F. Supp. 3d 888, 904 (S.D. Ill. 2020).[1] When a statute does not delineate its limitations period, the limitations period is five years – unless there is statute of limitations that is “more specifically applicable.” Id. (citing 735 ILCS 5/13-205). On the other hand, invasion of privacy claims come with a one-year statute of limitations. Id. (citing 735 ILCS 5/13-201). And because BIPA is, fundamentally, a privacy statute, the argument is that BIPA should be subject to a one-year limitations period. See id. (summarizing the argument). Statutes that carry a statutory penalty come with a two-year statute of limitations. Meegan v. NFI Indus., Inc., No. 20-CV-465, 2020 WL 3000281, at *4 (N.D. Ill. June 4, 2020) (citing 735 ILCS 5/13-202). And because almost all BIPA actions claim the statutory damage amount (rather than seeking actual damages), the argument is that BIPA should be subject to a two-year limitations period. See id. (summarizing the argument).

To date, both the federal courts and the Illinois trial courts have concluded that BIPA is subject to the five-year catchall limitations period. See, e.g., Stauffer, 480 F. Supp. 3d at 905; Meegan v. NFI Indus., Inc., 2020 WL 3000281, at *4; Robertson v. Hostmark Hospitality Group, Inc., 2019 WL 8640568, at *4 (Ill. Cir. Ct. Chan. Div. July 31, 2019). Clarity may be coming soon, however. Two cases – Tims v. Black Horse Carriers, Inc., No. 1-20-0562, and Marion v. Ring Container Techs., LLC, No. 3-20-0184 – are currently pending before the Illinois Court of Appeals. See Herron v. Gold Standard Baking, Inc., No. 20-CV-07469, 2021 WL 1340804, at *2 (N.D. Ill. Apr. 9, 2021). Tims and Marion could each soon decide “whether BIPA claims are [] subject to a one-, two-, or five-year statute of limitations.” Id.

When Does BIPA Statute of Limitations Begin

A related issue is also pending before the U.S. Court of Appeals for the Seventh Circuit. See In Re: White Castle System, Inc., No. 20-8029 (7th Cir. Nov. 9, 2020). In November 2020, the Seventh Circuit accepted an interlocutory appeal, where the “controlling question . . . is whether a private entity violates BIPA only when it first collects or discloses an individual’s biometric data without making the required disclosures, or whether a violation occurs each time the entity collects or discloses the data.” Herron, 2021 WL 1340804, at *4 (citing In Re: White Castle System, Inc.). The court’s ruling in White Castle System could bar many pending claims as stale and beyond the statute of limitations if Tims and Marion conclude that a one-year or two-year statute of limitations applies. See id.

Is BIPA Pre-Empted by Illinois Workers’ Compensation Act?

Finally, the Illinois Supreme Court is poised to decide whether “BIPA claims brought by employees against their employers are preempted by the Illinois Workers’ Compensation Act (“IWCA”), 820 ILCS 305/1. See McDonald v. Symphony Bronzeville Park, LLC, No. 126511. McDonald – like In Re: White Castle System, Tims, and Marion – has the potential to upend the current BIPA landscape. The vast majority of BIPA claims have been brought by employees against their employers for the use of biometric time-keeping devices. A finding that employees’ BIPA claims are preempted could wipe out hundreds of pending lawsuits. At least one federal court believes this is an unlikely outcome. Herron, 2021 WL 1340804, at *2. In Herron, the court refused to stay the case based on McDonald, finding that the Illinois Court of Appeals had “already ruled that the IWCA does not preempt BIPA claims brought by employees” and that “nearly every state and federal court to consider the question” had reached a similar conclusion. Id.

The Takeaway

McDonald seems unlikely to offer corporate defendants the preemption panacea they are hoping for. However, Tims, Marion, and White Castle System have the potential to ease some of the current crush of BIPA litigation.

[1] Disclosure: the author is counsel of record for Innovative Heights Fairview Heights, LLC.

 

 

COVID-19 Updates

HeplerBroom is pleased to announce that its physical offices have reopened. While the health and safety of our clients, employees, and families, remain our top priority, HeplerBroom attorneys and staff are returning to our offices on full-time or modified schedules. Our offices are open to visitors and clients with scheduled appointments, with appropriate screening of visitors and social-distancing protocols. HeplerBroom will continue to follow CDC recommendations for cleaning and sanitizing.

We are very proud of the dedicated efforts of our attorneys and staff to provide great service and work product to our clients during the pandemic. This would not have been possible without the incredible support provided by the HeplerBroom IT Department and other essential personnel who supported our personnel and clients from the office locations while the rest of our teams worked remotely.

If you have questions about visiting our offices, please do not hesitate to contact us. We look forward to seeing you in person again in the near future.