There is finally a common sense amendment to the Illinois Biometric Information Privacy Act (“BIPA”). The new Amendment, signed on August 2, 2024 by Governor Pritzker, allows entities to obtain consent via electronic signature, but far more importantly, it did away with “per scan” damages. That is, pursuant to Illinois Supreme Court precedent (Cothron v. White Castle), each data capture (i.e., fingerprint or eye scan) could constitute a separate BIPA violation with damages up to $5,000 per scan. Thus, for example, if a company had a defective consent process and used a fingerprint scan to clock in and out 100 employees for 365 days, there could be 36,500 violations (or 73,000 if used to clock in and out each day) at $5,000 per violation, or $182.5 million (or $365 million if used twice a day) in damages. Such an application of BIPA was often financially crippling to businesses and stifling of new technology despite such violation causing arguably minor harm to individuals - which apparently was never the intent of BIPA. Under the Amendment, the “aggrieved person” can only recover for one violation even if the unlawful collection or disclosure occurs more than once (such as when they sign in to a time clock every day). Using the example above, the damages would now be capped at $500,000 – still material, but obviously magnitudes less so.
The next battle will be whether the Amendment applies retroactively.
Should you have any questions about BIPA or the new Amendment, please feel free to reach out to Michael J. Feldman, Esq., at or 908-964-2486.
