User:Legaleagle2022/Biometric Information Privacy Act

The Biometric Information Privacy Act
Illinois set forth the Biometric Information Privacy Act on October 3, 2008 in an effort to regulate the collection, use, and handling of biometric identifiers and information by private entities. Notably, the Act does not apply to government entities. While Texas and Washington are the only other states that implemented similar biometric protections, BIPA is the most stringent.

Standing in Federal Court
BIPA is the only law in the U.S. that provides a private right of action to any individual who is aggrieved by a violation. However, in order to litigate a BIPA action in federal court, the aggrieved person must have federal constitutional standing otherwise known as Article III standing. Generally, Article III standing requires that a plaintiff suffer an injury to a legally protected interest that is causally connected to the defendant's conduct and such injury will likely be addressed by a court's decision.

The National Biometric Information Privacy Act
On October 3, 2020, Senator Jeff Merkley introduced the National Biometric Information Privacy Act of 2020 (Senate Bill 4400). While the Act contains provisions similar to BIPA it is more expansive than BIPA. If passed, the Bill would be the first of its kind to regulate biometric information on a national scale.

Federal court cases
''In re Facebook Biometric Info. Privacy Litig.'', 185 F. Supp. 3d 1155 (N.D. Cal. 2016)


 * Illinois Facebook users alleged that the social media platform violated the BIPA when it scanned images of their faces, without consent, in order to run its Tag Suggestions feature; a California federal court certified the class in 2018.

Monroy v. Shutterfly, Inc., No. 16 C 10984, 2017 WL 4099846 (N.D. Ill. Sept. 15, 2017)


 * Shutterfly users claimed that the company violated the BIPA when it scanned uploaded digital photos using facial recognition software. On September 15, 2017, Northern Illinois District Court Judge Joan B. Gottschall denied a motion to dismiss the lawsuit.

Rivera v. Google, Inc., 238 F. Supp. 3d 1088 (N.D. Ill. 2017)


 * Google users sued the company for violating the BIPA, alleging that it created and stored scans of users' faces on its Google Photos service, without user consent. On February 27, 2017, Northern Illinois District Court Judge Edmond E. Chang denied a motion to dismiss the lawsuit but on December 29, 2018 the lawsuit was dismissed for lack of standing.

McDonald v. Symphony Bronzeville Park LLC, N.E.3d (Ill. App. Ct. Sept. 18, 2020).


 * A nursing home violated BIPA when it collected an employee's biometric data for time tracking purposes without disclosing or obtaining consent from the employee. The Illinois Supreme Court will determine whether the Worker's Compensation Act provides employers with a defense against BIPA claims by their employees.

Related state-level bills and laws
As of 2021, a number of similar bills have been introduced in states across the country. These include:


 * Alabama, 2021 AL H.B. 216
 * Alaska, 2021 AK S.B. 116
 * Colorado, 2021 CO H.B. 11244; 2021 CO S.B. 190
 * Connecticut, 2021 CT S.B. 893
 * Florida, 2021 FL H.B. 969
 * Hawaii, 2021 HI S.B. 1009
 * Indiana, 2020 IN H.B. 1371
 * Kentucky, 2021 KY S.B. 280 §2(5)
 * Maine, 2021 ME S.P 535
 * Maryland 2021, MD H.B. 218; 2021 MD S.B. 16
 * Massachusetts, 2021 MS S.B. 2612
 * Michigan, 2017 Bill Text MI H.B. 5019
 * Minnesota, 2021 MN S.F. 1408
 * Mississippi, 2021 MS S.B. 2612
 * Montana, 2021 MT H.B. 710
 * New Hampshire, 2017 Bill Text NH H.B. 523 (amended and passed in 2018 as NH H.B. 523)
 * New Jersey, 2020 NJ A.B. 3625
 * New Mexico, 2019 NM S.B. 176
 * New York, 2021 NY A.B. 27
 * North Carolina, 2021 NC S.B. 569
 * Oklahoma, 2021 OK h.B. 1602
 * Pennsylvania, 2021 PA H.B. 5945
 * Rhode Island, 2019 RI H.B. 5945; 2019 RI S.B. 234
 * South Carolina, 2021 SC J.B. 3063
 * Utah, 2021 UT S.B. 200
 * Virginia, 2020 VA H.B. 2307
 * Washington, 2021 WA H.B. 1433
 * West Virginia, 2021 WV H.B. 2064; 2021 WV H.B. 3159
 * Wisconsin, 2019 WI S.B. 851

International equivalents
On May 25, 2018, the EU effectuated the General Data Protection Regulation (GDPR), one of the world's strongest data protection regulations to date.