Biometric Litigation Risks Endure Even Post BIPA Amendment
Enacted in 2008, the Illinois Biometric Information Privacy Act (“BIPA”) regulates the collection and possession of biometric data by private entities operating in Illinois. Biometric data includes, for example, fingerprints, voiceprints, eye scans, and face/hand scans. Notably, BIPA establishes a private right of action, allowing any person to seek damages, attorneys’ fees, and injunctive relief if the person has been aggrieved by a BIPA violation. The statutory damages for BIPA violations are steep, including $1,000 to $5,000 per violation, attorneys’ fees and costs, and the possibility of injunctive relief.
Massachusetts’ Highest Court Signals Willingness to Scrutinize State Wiretapping Laws and Knock Out Claims at the Pleading Stage
For the past few years, hundreds of companies have been caught in a wave of privacy class actions relying on decades-old wiretapping laws to attack modern website technologies and business tools. Last week, Massachusetts’s highest court engaged in a thorough assessment of that state’s wiretap law and rejected plaintiff’s argument that commonly used website advertising and analytical tools intercepted “communications” in violation of the law. The basis for the suit is not novel — hundreds of similar cases have been filed in the past few years. But the Supreme Judicial Court’s willingness to engage in a deep analysis of the wiretapping law early in the case is noteworthy.
Second Circuit Offers Guidance on Meaning of “Consumer” Under the U.S. Video Privacy Protection Act
Yesterday, in Salazar v. National Basketball Association, the Second Circuit Court of Appeals reversed a district court’s dismissal of a putative class action under the Video Privacy Protection Act (VPPA), offering an interpretation of the VPPA’s definition of “consumer” that differs from how the majority of courts have used that term.
The Legal Battles Taking Shape in the Clash Over Internet Content
A federal law known as Section 230 has provided a powerful legal shield for internet companies for nearly three decades. Designed to “promote the internet,” it protects platforms from civil liability for content posted to their sites by third parties.
New York Attorney General Publishes Guide to Avoid “Key Mistakes” Regarding Online Tracking Technologies
On July 30, 2024, New York Attorney General Letitia James announced website privacy guides for New York consumers and businesses. The guides, a business-focused Business Guide to Website Privacy Controls and a consumer-focused Consumer Guide to Tracking on the Web, are available on the Office of the New York State Attorney General’s (the “OAG’s”) website. The Business Guide to Website Privacy Controls is instructive for businesses operating websites available in the state. The OAG’s announcement is made amid increasing regulatory scrutiny, including by the FTC, as well as increased litigation centered on the use of online tracking technologies.
A New Wave of Class Actions: The Genetic Information Privacy Act
Largely dormant for the last 25 years, Illinois’ Genetic Information Privacy Act (GIPA) has been sharing the limelight recently with its sibling, the Biometric Information Privacy Act. (BIPA). GIPA includes a number of restrictions related to the use and disclosure of genetic testing and genetic information, and it provides a private right of action and permits recovery of steep statutory damages. In 2023 alone, over 50 GIPA complaints were filed, and new suits continue to be filed in 2024. In this article, published on AML Law.com, Sidley lawyers Kathleen Carlson, Lawrence Fogel, and Colleen Brown explore some of GIPA’s emerging issues and unanswered questions.
District Court Finds Communications Decency Act Provides Automotive Device Manufacturer Immunity for Clean Air Act Violations
On March 28, 2024, in US v. EZ Lynk, the U.S. District Court for the Southern District of New York dismissed the Department of Justice’s (DOJ) claim that an automotive device manufacturer violated Section 203 of the Clean Air Act (CAA), holding that Section 230 of the Communications Decency Act (CDA) provided complete immunity from CAA liability for the sale of certain aftermarket automotive devices. This decision of first impression offers an important precedent in the automotive industry and beyond. The decision gives effect to the CDA as drafted and will make it significantly harder for the government to hold manufacturers and online retailers liable for content, including software, created and sold by third parties.
Cybersecurity Takeaways From White House Tech Report
On Feb. 26, the White House’s Office of the National Cyber Director (ONCD), released a report on how technology manufacturers and software developers can improve the cybersecurity posture of the U.S. This report, “Back to the Building Blocks: A Path Toward Secure and Measurable Software,” aligns with the Biden administration’s current, intense focus on combatting ever-increasing cyberthreats through software development and software manufacturer accountability. In this article, published by Law360 on March 26, Sidley lawyers Alan Charles Raul, Stephen McInerney and Vishnu Tirumala discuss the ONCD report and provide key take-aways for software developers and manufacturers, their senior management, and boards.
Trend Watch 2024: Hot Topics in California Regulation and Litigation
Join our 7th annual Trend Watch webinar to learn how tactical decision-making can help you conquer California’s challenging legal environment. Our focus areas will include:
- New developments in California privacy law
- Prop. 65 by the numbers
- Need-to-know environmental law changes
In a Win for Defendants, Illinois Supreme Court Holds That Health Care Exemption Under BIPA Is Not Limited to Patients’ Biometric Information
For the third time in 2023, the Illinois Supreme Court addressed the scope of the Illinois Biometric Information Privacy Act (BIPA) — this time in Mosby v. Ingalls Memorial Hospital. In a unanimous decision, the court held that BIPA’s “health care exemption” is not limited to patients’ biometric information (such as fingerprint scans), but also extends to biometric information collected, used, or stored for healthcare treatment, payment, or operations — regardless of its source.1 This decision also marks the Illinois Supreme Court’s first BIPA-related decision where it adopted the defendants’ proposed interpretation of the statute. (more…)
