Judges set statute of limitations for BIPA prosecutions

The Illinois First District Court of Appeals issued a ruling that sets clearer guidelines for those bringing a civil action under the Biometric Privacy Act. The ruling comes from a three-judge panel in Chicago and specifically concerns a dispute between trucking company Black Horse Carriers and a pair of former Black Horse drivers.

The drivers filed their initial complaint in 2019, alleging that Black Horse violated BIPA by collecting and storing their fingerprint data without the proper consent. They also accused Black Horse of illegally sharing this biometric data with a third-party timing company.

For its part, Black Horse requested the dismissal on procedural grounds. BIPA does not provide a statute of limitations for biometric cases, and instead refers to the existing Illinois Code of Civil Procedure. This code provides for a one-year statute of limitations for slander, libel and unlawful disclosure of privacy issues, and a five-year statute of limitations for all other civil matters.

Black Horse asserted that the complainant’s complaint was moot because it described an unlawful disclosure violation and detailed actions that occurred more than a year before the complaint was filed. A state judge disagreed with this assessment and applied the full five-year limitation period to the case.

The Court of Appeal, meanwhile, decided to divide the difference. The judges ruled that Black Horse’s information sharing with the timing company met the legal definition of publication as a private communication between two parties and therefore was subject to the one-year limitation period. However, they said the same was not true for the breaches of consent and data retention, which were more of an internal transgression.

In doing so, they settled one of the main procedural debates of the BIPA era. Complainants have five years to sue a company that illegally collects or stores biometric data, and one year to sue a company that is simply sharing data inappropriately. The Black Horse plaintiffs, meanwhile, can now move forward with this part of their case.

The decision comes shortly after a separate district court ruling that determined that BIPA laws still apply to products built with biometric data, even if a company doesn’t sell the data itself. BIPA lawsuits have led to several major settlements over the past year, with TikTok and Facebook agreeing to pay $ 92 million and $ 650 million in class action lawsuits, respectively.

Source: Reuters

September 23, 2021 – by Eric Weiss

Source link

About Roberto Frank

Check Also

Smart homes: UK privacy row, Xiaomi unveils biometric lock

A British judge recently ruled that an Amazon Ring doorbell and security cameras installed in …

Leave a Reply

Your email address will not be published. Required fields are marked *