In 2008, the state of Illinois enacted the Illinois’ Biometric Information Privacy Act (BIPA), which
requires customers give affirmative permission before companies can collect biometric markers like fingerprints and facial recognition models from them. This law has stood as a barrier for tech giants like Facebook and Google, who have faced lawsuits regarding alleged BIPA violations in their photo-tagging technologies,
BIPA was put in in danger recently, as it was reviewed by the Illinois Supreme Court after a privacy incident occurred at Six Flags, according to The Verve. The amusement park allegedly took a fingerprint from a 14-year-old girl without getting her parents’ consent, violating BIPA provisions. In an effort to not be held accountable for such transgressions, they argued that they could not be held liable unless the fingerprinted individual sustained significant injury because of the unauthorized collection.
But to corporate tech’s dismay, the Illinois Supreme Court ruled that “a person need not have sustained actual damage beyond violation of his or her rights under the Act,” leaving BIPA in effect as is. “Whatever expenses a business might incur to meet the law’s requirements,” explains the ruling, “are likely to be insignificant compared to the substantial and irreversible harm that could result if biometric identifiers and information are not properly safeguarded.”
Privacy advocates have applauded the decision, with the Electronic Frontier Foundation calling it a “victory” in a post: “As biometric collection, use, and sharing become more widespread and invasive every year, it only becomes more important that private citizens can sue under laws like BIPA to protect their privacy.”
Unsurprisingly, the Chamber of Commerce was not as thrilled. The organization wrote in a statement, “we fear that today’s decision will open the floodgates for future litigation at the expense of Illinois’ commercial health.”