While the overwhelming majority of the over lawsuits filed in 2023 alleging privacy violation claims were claims asserting that users’ fingerprints or facial scans were improperly used, there were 31 that referenced claims based on these “non- traditional” BIPA allegations.
These cutting-edge privacy lawsuits have resulted in high-dollar-value settlements. In terms of settlement value, the settlement in the litigation captioned In Re Facebook Biometric Information Privacy Litigation, Case No. 15-CV- 03747 (N.D. Cal. Feb. 26, 2021), approved in February 2021, remains at the top, with a whopping $650 million price tag. In that case, plaintiffs alleged that Facebook collected and stored the biometric data of users in Illinois through its use of “Tag Suggestions” and other features involving facial recognition technology, without providing users proper notice and obtaining consent, in violation of the BIPA. Over the past two years, defendants have entered into several other eight-figure settlements stemming from privacy class
actions against Google ($100 million), TikTok ($92 million), and others. These eye-popping figures demonstrate the continued potency of BIPA litigation in terms of financial exposure and explain the continued interest in BIPA class actions on the part of the plaintiffs’ class action bar. As the BIPA’s parameters begin to settle in to place, these large settlement numbers with continue to pop in the upcoming year. This Review analyzes the key decisions and settlements over the past year, providing companies a one-of- its-kind resource to assess the past, present, and future of complex privacy litigation. 1. Illinois Supreme Court Rules On The Statute Of Limitations For BIPA Violations In early 2023, the Illinois Supreme Court set the tone for what would become a monumental year for BIPA litigation, issuing two key rulings that will have repercussions for decades to come. In Cothron, et al. v. White Castle Systems, 2023 IL 128004 (Ill. Feb. 17, 2023), the plaintiff alleged that after she started working at White Castle in 2004, the company required her to use a fingerprint-based system to access the workplace computer she used in her position as a manager. The plaintiff sued White Castle several years later in 2018, alleging that the company violated §§ 15(b) and 15(d) of the BIPA in connection with the fingerprint-based system by: (i) collecting her biometric data without providing her with the requisite notice and obtaining her written consent, and (ii) disclosing her biometric data without consent. After removing the complaint to the U.S. District Court for the Northern District of Illinois, White Castle moved for judgment on the pleadings on the basis that plaintiff ’ s claims were untimely. Specifically, White Castle argued that the plaintiff ’ s BIPA claims accrued in 2008 (when her first fingerprint scan occurred after the BIPA took effect), yet she did not file her complaint until 2018. The district court rejected White Castle ’ s
6
© Duane Morris LLP 2024
Duane Morris Privacy Class Action Review – 2024
Made with FlippingBook - professional solution for displaying marketing and sales documents online