David Poell, Kari Rollins, and Liisa Thomas of SheppardMullin write:
The Illinois Biometric Information Privacy Act (BIPA) has spawned hundreds of class action lawsuits and a raft of unresolved issues. A core issue from a litigation perspective—as well as for companies bracing for potential lawsuits—is one of “standing,” and in particular, what BIPA claims can be brought by plaintiffs in what venues.
As we discussed in an earlier post, in a case from last year (Bryant v. Compass Group USA, Inc.), the Seventh Circuit ruled plaintiffs have federal standing for claims alleging that a company collected biometric information without written consent (i.e., violated Section 15(b) of BIPA). BIPA has other requirements, however. Namely, that companies publicly disclose their biometric retention policy, and retain biometric information in accordance with such policy (i.e., violations of Section 15(a) of BIPA). While the Bryant case found there was standing for violations of Section 15(b), the court found at the same time that a violation of the disclosure requirement (Section 15(a)) does not create standing. However, a few months later in Fox v. Dakkota Integrated Systems, the Seventh Circuit ruled that a violation of the retention requirement under Section 15(a) does create standing.
Read more on Eye on Privacy.