BIPA’s "Golden Age" May Be Short Lived


Following last year’s Illinois Supreme Court ruling in Cothron v. White Castle System, Inc., Illinois courts experienced a significant increase in Biometric Information Privacy Act [“BIPA”] litigation. The Cothron Court’s interpretation of BIPA meant that the White Castle restaurant chain could face up to $17 billion in penalties for collecting, storing, and distributing employee fingerprints without the employees’ consent. In effect, the Cothron Court found that BIPA violations accrue, and companies are liable for each separate violation of the Act.

BIPA is violated under Section 15 (b) and (d) each time a private entity: (1) scans or collects a person’s biometric identifier without their consent or (2) discloses or disseminates a person’s biometric identifier without their consent. A plaintiff may recover $1,000 for negligent violations or $5,000 for intentional or reckless violations. For example, employees may recover $1,000 or $5,000 for each time they clock in or out of work using biometric identifiers without their consent. This number doubles if an employee’s biometric identifiers were disclosed to a third party to verify and authenticate.

Companies are not just liable under BIPA in the employer-employee context. Illinois plaintiffs recently recovered a $68.5 million settlement from Instagram parent Meta Platforms, Inc., for allegedly collecting and storing their biometric information between 2015 – 2023. Understandably, BIPA’s “Golden Age” has drawn ire from business lobbyists and applause from employees and consumers.

However, BIPA’s Golden Age may soon come to an end with proposed bill SB 2979. Introduced by Senator Bill Cunningham, SB 2979 seeks to limit the financial exposure companies face by providing that plaintiffs may only recover once each for Section 15 (b) and (d) violations. There have been previous attempts at reforming BIPA, but Senator Cunningham claims that such attempts sought “to remove or narrow privacy protections,” adding that “SB 2979 does not take that approach … rather it puts a common-sense formula in place to determine the amount of financial damages.”

If you have any questions about how the Biometric Information Privacy Act, Cothron, or SB 2979 may impact your business, please do not hesitate to contact Justin Callaci at or (312) 506-4462.

Related Posts
  • Are Non-Competes Gone? The New Non-Compete Rule & What it Means for Your Organization Read More
  • Nonprofit “Director” or “Trustee”: Which Term is Legally Proper? Read More
  • Illinois Supreme Court Defines Scope of Municipal Administrative Adjudication Read More