On February 17, 2023, a split Illinois Supreme Court ruled in Cothron v. White Castle[1] that a separate claim accrues under the Illinois Biometric Information Privacy Act (BIPA) each time a private entity collects or discloses an individual’s biometric identifier or information in violation of sections 15(b) or 15(d) of the Act. Three justices dissented. This decision clarifies whether BIPA claims under sections 15(b) and 15(d) accrue upon the first alleged violation or whether each subsequent violation restarts the clock. The majority concluded: “We believe that the plain language of section 15(b) and 15(d) demonstrates that such violations occur with every scan or transmission.” The Court expressly disagreed with the defendant “that these [types of BIPA violations] are things that can happen only once.”
The Court majority noted that the statutory language had to be given effect even if it was “harsh, unjust, absurd, or unwise.” While this decision had the potential to dramatically expand defendants’ exposure to BIPA liability, the majority provided an important lifeline of sorts to defendants, expressly noting that BIPA damages are discretionary (not mandatory) and that courts could fashion appropriate remedies without subjecting businesses to crippling liability. In light of the substantial consequences of imposing a rule that made each scan of biometric information a separate violation, the majority encouraged the Illinois legislature to “review these policy concerns and make clear its intent regarding the assessment of damages under the Act.” Segments of the Illinois legislature have proposed BIPA amendments in recent years, including a safe harbor provision and other amendments designed to reasonably limit damages. Time will tell if these proposed amendments move forward.
- Latrina Cothron v. White Castle System Inc., 2023 Ill. LEXIS 146.
[back to reference ]
