SPRINGFIELD – Leading business, healthcare and technology groups are united in opposition to proposed changes to the state’s Biometric Information Privacy Act (BIPA), which fails to enact needed reforms and would instead increase financial damages against businesses and further suppress security, innovation and economic growth.
A coalition including the Chicagoland Chamber of Commerce, Illinois Chamber of Commerce, Illinois Hotel & Lodging Association, Illinois Manufacturers’ Association, Illinois Railroad Association, Illinois Retail Merchants Association, Illinois Trucking Association, TechNet and National Federation of Independent Business Illinois is urging lawmakers to reject the proposal, which is contained in an amendment made to HB3811.
The proposal undermines months of negotiations intended to limit the impact of BIPA, which has been routinely abused in order to extort businesses for financial gain where no harm has ever been alleged. The legislation represents a 50 percent increase in penalties that can be awarded on future settlements. Furthermore, there is no standard to prove harm which is the definition of a frivolous lawsuit.
“Just when we thought BIPA couldn’t get any worse for businesses in Illinois, lawmakers unveil a proposal that will only increase abuse of this law by trial attorneys,” said Mark Denzler, President and CEO, Illinois Manufacturers’ Association. “To say this is a disappointing end to negotiations understates the true harm this proposal will cause if enacted.”
“Today’s developments are disappointing. Lawmakers are making an already flawed law worse. BIPA needs serious reforms to reflect today’s modern economy and widely accepted privacy law,” said Tyler Diers, TechNet Executive Director for Illinois and the Midwest. “The bill was passed in 2008 and many of the technologies we all use every day either were in their infancy or were not yet created. We can modernize the law without jeopardizing its original intent. Failure to do so will continue to foreclose future innovation in Illinois and hurt our state’s tech sector.”
“There will be some who will try to claim this legislation is reform. Don’t be fooled, there’s a reason why every sector of the business community is opposed to this legislation, including technology, retail, manufacturing, healthcare, transportation and hospitality,” said Clark Kaericher, Senior Vice President of Government Affairs, Illinois Chamber of Commerce.
In the 15 years since BIPA was enacted, more than 1,500 frivolous lawsuits have been filed by class action lawyers against manufacturers, retailers, hospitals, nursing homes, entertainment venues, hotels, and other businesses by claiming violation of employee or consumer rights even though there has been no harm to individuals, theft of identities or nefarious intent. Of those more than 1,500 lawsuits, the vast majority occurred after a 2019 Illinois Supreme Court decision in Rosenbach v. Six Flags, which held that a plaintiff need not demonstrate any form of harm beyond a violation of the law.
Examples of entities sued by trial lawyers under BIPA:
- US Department of Homeland Security
- The Salvation Army of Cook County
- Lutheran Senior Services
- Council of Jewish Elderly
- Nursing homes
- The Art Institute of Chicago
- School bus companies
This year, the Illinois Supreme Court issued two additional rulings that exponentially expand the scope and costs of BIPA lawsuits. The first, Tims v. Black Horse Carriers, Inc., eliminated the possibility of a one-year statute of limitations for claims under BIPA, ruling that a “catchall” five-year statute of limitations applies to these cases, dramatically increasing the timeframe for which complaints can be brought. The second, Cothron v. White Castle, ruled that a claim arises each time data is collected rather than simply the first time. This means every violation may result in a fine of $5,000. For an employer who requires an employee to clock-in using their thumb, or to access prescription medicine in a healthcare setting, that could easily result in fines of more than $20,000 per day, per employee. In the White Castle case, it’s estimated the company could be fined as much as $17 billion.
“We want Illinois to be competitive, we want Illinois to be economically sound, we want to do good things for the people of Illinois through the businesses that we represent. Yet, what we see today is not the reasonable reform of the strictest law in the nation when it comes to biometric privacy. It’s the opposite of reasonable reform,” said Tim Butler, President of the Illinois Railroad Association.
Needed changes include: updating the law to require proof that actual harm occurred to individuals before imposing fines; establishing a “notice and cure” period, which would allow businesses to address any potential issues in instances where there has been no actual harm; giving the Attorney General authority to provide companies with advisory opinions on whether or not their compliance efforts meet the requirements of the law; limiting the statute of limitations for legal action to one year; and allowing
biometric identifiers to be used for security purposes such as managing access to controlled substances, preventing organized retail theft and other violent crimes, and accessing sensitive facilities, including electric plants and refineries.
Legislators should also provide for electronic consent as well as “evergreen” consent, which would operate similarly to the federal Health Insurance Portability and Accountability Act (HIPAA) privacy rule, which allows a single waiver to encompass multiple instances in which information is shared.
“The trucking industry invests $9.5 billion each year to keep truck drivers safe and the motoring public safe. In Illinois, BIPA deters trucking companies from investing in new safety technology that could make our roads even safer,” said Matt Hart, Executive Director of the Illinois Trucking Association. “It’s upsetting lawmakers refuse to consider meaningful changes to BIPA that would allow for greater investments in public safety.”
“Illinois just put in place nation-leading measures to combat organized retail crime and go after ring leaders who use profits to fund dangerous crimes including gun, drug and human trafficking. But without reforms to BIPA, we are taking two steps back in that fight,” said Rob Karr, President and CEO of the Illinois Retail Merchants Association.
Changes to BIPA should not come at the expense of privacy protections. It is already illegal to sell or trade biometric information, and those provisions should remain.
“For years, the Chamber has warned that this law would have dangerous unintended consequences. Failure to make these prudent updates will put businesses of every size and sector at risk for predatory lawsuits and jeopardize jobs and economic opportunity across the state,” said Brad Tietz, Vice President of Government Relations and Strategy for the Chicagoland Chamber of Commerce.
“These lawsuits disproportionately impact small and midsize companies, as well as non-profits seeking to serve our communities, who simply can’t sustain these legal fees and keep their doors open. Illinois cannot afford continued state-sanctioned misuse of the law.”