Capitol Fax.com - Your Illinois News Radar

Latest Post | Last 10 Posts | Archives

Previous Post: Today’s quotable
Next Post: Crypto industry boosts spending for CD1 Jonathan Jackson above a million dollars so far

Bailey, Irvin oppose Illinois Biometric Information Privacy Act

Posted in:

• Illinois

* First, some background from the Illinois Radio Network…

Some Illinois residents could soon receive a check as part of a settlement in a class action lawsuit against Google.

The lawsuit, which is similar to the one settled recently with Facebook, claimed the company violated the state’s Biometric Information Privacy Act with the Google Photos app. According to plaintiffs, the social media platform illegally used facial recognition data, gathered without consent, to prompt users to tag their friends in photos.

“Illinois does have the most far reaching biometric information protection law in the country,” said Ed Yohnka, director of communications with the ACLU of Illinois. “Illinois has been a place that has really protected the privacy of individuals who live here.”

* More from NBC 5…

Illinois’ Biometric Privacy Act prohibits private sector companies and institutions from collecting biometric data from unsuspecting citizens in the state or online, no matter where the business is based. Data cannot be sold, transferred or traded. Unlike any other state, citizens can sue for alleged violations, which has sparked hundreds of David-and-Goliath legal battles against some of the world’s most powerful companies.

If a company is found to have violated Illinois law, citizens can collect civil penalties up to $5,000 per violation compounded by the number of people affected and days involved. No state regulatory agency is involved in enforcement.

* Crain’s…

A question about repealing or modifying the Illinois Biometric Information Privacy Act, which has inundated business with class-action lawsuits, provided each candidate an opportunity to lambast Michael Madigan or the legislative body he controlled as speaker for 36 years.

“Mike Madigan’s decision to hand policy control to the trial lawyers for decades has taken its toll on the state’s economy,” Irvin says. “Alongside cutting income taxes, lowering property taxes, getting crime under control and rooting out corruption, curbing lawsuit abuse is an important element of a comprehensive economic growth strategy.” Bailey says, “Illinois has a long history of being a haven for abusive lawsuits, and the legislature has been complicit in enacting legislation that has worsened a bad situation. I have consistently opposed these unnecessary efforts.”

Your thoughts?

posted by Rich Miller
Wednesday, Jun 22, 22 @ 11:17 am

Comments

1. Why even have laws? They just create business for trial lawyers/s

   Comment by BlueBin Wednesday, Jun 22, 22 @ 11:20 am

2. I’m barely surprised that they don’t like it. This is exactly what you want when you buy into the Griffin/Rauner “we must make sure the C-Suite execs are more powerful to attract more corporate HQs” mindset. This is a zero sum game. If you want to make the Rauner class happier, it’s going to come out of your bank account.

   You first.

   Comment by Arsenal Wednesday, Jun 22, 22 @ 11:22 am

3. If Richard Irvin falls in the woods does it make a noise?

   Comment by watchful eye Wednesday, Jun 22, 22 @ 11:24 am

4. “the Illinois Biometric Information Privacy Act, which has inundated business with class-action lawsuits”

   They could easily avoid those lawsuits by simply doing what I’ve done: obeyed the law.

   – MrJM

   Comment by MisterJayEm Wednesday, Jun 22, 22 @ 11:28 am

5. Imagine that… the people that want to overturn Roe are against privacy. There was a time when Republicans believed in the individual. Those days are over.

   Comment by Ducky LaMoore Wednesday, Jun 22, 22 @ 11:29 am

6. Multibillion dollar companies can’t collect and sell your personal information because…Madigan. Careful now, you may make people like the guy.

   Comment by One hand //ing Wednesday, Jun 22, 22 @ 11:32 am

7. = decision to hand policy control to the trial lawyers for decades has taken its toll on the state’s economy=

   Isn’t Irvin a “trial lawyer”?

   Self loathing I guess.

   Comment by JS Mill Wednesday, Jun 22, 22 @ 11:34 am

8. Short sighted. Something conservatives should be absolutely on board with,call for more regulation of. These two candidates are so, so bad.

   Comment by Name/Nickname - May soon be required Wednesday, Jun 22, 22 @ 11:35 am

9. I work in data privacy and BIPA is *world leading.* All of my colleagues from all over the world know BIPA. Sometimes I work with a someone I haven’t worked with before and when we’re chatting before getting down to business and I say I’m in Chicago, they say, “Oh, that’s Illinois, right? You have BIPA!” We literally have an internal chart listing the strictest data privacy rules for different types of data (we typically try to comply with the strictest rule so we don’t have to run multiple compliance regimes), and for biometric data it’s always, always BIPA.

   It’s a good law (and I say that from the side of “corporations that have to comply with it”). It’s the world-leading law, and it’s going to be copied all over the world. Smart companies already comply with BIPA (or are preparing to comply with it), so that when the EU comes out with stricter regulations for biometrics, or when the CCPA comes in later this year, they’ll already be in compliance because they’re complying with Illinois.

   People complaining about BIPA are a) lazy about data privacy; b) using data in predatory ways; or c) have a really bad infosec/compliance regime that thinks the way to deal with data privacy is by complaining about it rather than reorienting their corporate governance towards protecting it. Honestly, any company that’s fighting BIPA is a company that’s unprepared for the slew of data regulations coming online in 2023 and 2024, and the question should be “why should Company have to comply with BIPA?” but rather, “why is Company so unprepared for data privacy, and what is this going to cost shareholders? Does this suggest Company will be proactively withdrawing from the EU and California, or just stumbling through dozens of expensive lawsuits?”

   Data privacy is a rapidly-growing area; the draft of the proposed federal privacy law that came out a couple weeks ago would require basically every company over $40M revenue to have a Data Protection Officer (basically a C-suite position relating just to data protection). That would create some 60,000 new, federally-mandated DPO jobs in one swoop. If you have kids in college or grad school, tell them to look at data privacy — the field is growing like crazy and there aren’t nearly enough people to do all the jobs. It pays well, too.

   Comment by Suburban Mom Wednesday, Jun 22, 22 @ 11:36 am

10. MisterJayEM - no, not really. This has affected how some business use fingerprint scan for payroll. Person then leaves - 2-4-6- years later (no statue limitations) and forget hey signed an authorization then sues - attorney seeks others - now you have a class action suit going and expenses to defend. DESPITE NO ONE ALLEGING DAMAGES or their metrics have been compromised….

    Comment by Kane County Cougar Wednesday, Jun 22, 22 @ 11:38 am

11. or, tl;dr: companies that don’t want to comply with BIPA are failing concerns that are unprepared for current regulatory requirements relating to data privacy, let alone what’s coming next.

    Comment by Suburban Mom Wednesday, Jun 22, 22 @ 11:38 am

12. So Irvin and Bailey believe that allowing Illinois citizens to sue organizations when their privacy has been compromised is somehow abusive and unjust and makes the state uncompetitive?

    Comment by Pundent Wednesday, Jun 22, 22 @ 11:39 am

13. ==This has affected how some business use fingerprint scan for payroll.==

    They can just not.

    Comment by Arsenal Wednesday, Jun 22, 22 @ 11:40 am

14. Oh, dang it, I think my long comment used the banned punctuation. Rich, release me from comment jail (banned punctuation). I have a lot of specific knowledge about this.

    Comment by Suburban Mom Wednesday, Jun 22, 22 @ 11:43 am

15. “forget hey signed an authorization then sues”

    Seems like the kind of document that a business should hold on to so that they can present it at a preliminary hearing and have that lawsuit dismissed.

    That’s what I’d do.

    – MrJM

    Comment by MisterJayEm Wednesday, Jun 22, 22 @ 11:47 am

16. I don’t understand the argument that BIPA has been bad for the Illinois business climate. I don’t believe any Illinois-based company has been targeted, and none of the companies who have paid out ceased operating in the state.

    Facebook is still operating in Texas even after their goofy state legislature created a private right of action for content moderation. I’ll take $400 and less racism over $0 and more racism, but to each their own. Facebook certainly doesn’t miss that money.

    Comment by vern Wednesday, Jun 22, 22 @ 11:49 am

17. ==Seems like the kind of document that a business should hold on to so that they can present it at a preliminary hearing and have that lawsuit dismissed.==

    Or even better, when the lawyer sends the demand letter.

    Comment by Arsenal Wednesday, Jun 22, 22 @ 11:49 am

18. Pundent- that is the point against the way this is written (legislation) Their privacy HAS NOT BEEN compromised and they sue. Perhaps in 2016 your policy wasnt a robust and didnt cover every part of the legislation - despite no damages - no compromised privacy - they can sue.

    Comment by Kane County Cougar Wednesday, Jun 22, 22 @ 11:50 am

19. I don’t like the idea of businesses selling my photo for facial recognition. But it strikes me odd that candidates from a party that argues so much about our “rights” being violated would be against the BIPA.

    On a related matter, I recently had my Illinois driver’s license renewed, and I had to take my eyeglasses off for the photo. Is that for facial recognition purposes by police?

    Comment by Streator Curmudgeon Wednesday, Jun 22, 22 @ 11:57 am

20. ===Perhaps in 2016 your policy wasnt a robust and didnt cover every part of the legislation - despite no damages - no compromised privacy - they can sue. ===

    That’s so weird that that’s what you’re seeing, because in 2021 the 7th Circuit twice dismissed a class action suit for lack of standing because it failed to allege damages.

    It’s a notice-and-consent regime that requires you to purge data when no longer needed and prohibits you from profiting by selling or renting access to other people’s biometric data. What about that do you feel is overbroad? Especially given that you cannot change your biometric data if it is compromised. It’s not like a credit card number — that keeps being your face, your fingerprint, even if it’s been sold to every criminal on planet earth. That demands a fairly high bar for using and protecting biometric data.

    Comment by Suburban Mom Wednesday, Jun 22, 22 @ 11:59 am

21. Suburban Mom deserves a gold medal for her comments today.

    Comment by Shark Sandwich Wednesday, Jun 22, 22 @ 12:13 pm

22. despite 7th circuit - still seeing suits. AGAIN- despite no damages; nothing compromised - even if you find the authorizations and move to dismiss attorney finds a reason do fight - the authorization didnt have the company’s name on it just said THE COMPANY; the authorization was clear;

    Just asking for statue of limitations; and damages to be able to be sued. The business does have liability if someone’s data / biometric was compromised support those suits. The others are just a money grab and nuisance lawsuits

    Comment by Kane County Cougar Wednesday, Jun 22, 22 @ 12:13 pm

23. –I don’t believe any Illinois-based company has been targeted–

    The reality is that while the “Big Tech” firms have captured all the headlines, it is the SME’s of this state that have had to bear the brunt of these frivolous suits.  Mostly for internal employment violations (i.e. time keeping and security purposes) and not for commercial purposes. 

    Comment by Lamb Wednesday, Jun 22, 22 @ 12:20 pm

24. === have had to bear the brunt ===

    Will be happy to read any examples or statistics you can share

    Comment by vern Wednesday, Jun 22, 22 @ 12:32 pm

25. 1. Republicans don’t believe that Americans should have privacy rights so this tracks.

    2. Willing to bet both men signed up to get their checks from the Facebook lawsuit and cashed them, which is completely hypocritical, and also tracks for Republicans’ view of constitutional rights.

    Comment by Thomas Paine Wednesday, Jun 22, 22 @ 12:39 pm

26. I would be offended by their stance on this law, if I thought that either of them had any idea what they were actually talking about. This is like trump trying to answer the nuclear triad question during the 2016 primary. My guess is that Bailey and Irvin just started spouting whatever nonsense words that came to mind in the moment, because neither of them are actually familiar with what BIPA says or does.

    Comment by Lester Holt’s Mustache Wednesday, Jun 22, 22 @ 12:48 pm

27. This is a tough call. BIPA provides some vital privacy protections, but the right of action provisions are a bit over the top. As much as I love to see facebook and google pay through the nose, small businesses have been hit pretty hard by settlements in cases where nobody’s information was breached or misused. There’s gotta be a happy medium out there.

    Comment by Roman Wednesday, Jun 22, 22 @ 1:05 pm

28. From a political standpoint alone, being against this law makes no sense. I and many other people I know received almost $400 in a settlement against Facebook for their violation of our privacy as outlined by this law.

    Telling people you’re against them receiving significant sums of money (during tough economic times, no less) from very wealthy tech companies when they violate your privacy is not a winning political message.

    Comment by Techie Wednesday, Jun 22, 22 @ 1:25 pm

29. =Will be happy to read any examples or statistics you can share=

    There have been 900 cases alleging BIPA violations through September 2021. Organizations large and small have been inundated with class actions. Here are just a few:

    Dabecca Natural Foods, Superior Nut and Candy, Loews Chicago, Superior Health Linens, Superior Ambulance, Millard Group LLC, Pineapple Hospitality Company, ABRA Autobody, ABT Electronics, Caputos, Chicago Lakeshore Hospital, Crate and Barrel, Dial Retirement Communities, East Lake Management, Estates of Hyde Park, Finkl Steel, Grand Victoria, Griffith Foods, Hixon Lumber Supply, Marinos, Mercy Hospital, Northshore University Health System, Parc at Joliet, Pete’s Fresh Market, Smith Senior Living, South Holland Home, Tony’s Fresh Market, University of Chicago Medical Center, and WeatherTech.

    Sources: Law360, American Bar Association, Institute for Legal Reform, and UofI Law Review

    Comment by Lamb Wednesday, Jun 22, 22 @ 2:19 pm

30. “small businesses have been hit pretty hard by settlements in cases where nobody’s information was breached or misused”

    Links to a few examples of such cases would strengthen this argument significantly.

    – MrJM

    Comment by MisterJayEm Wednesday, Jun 22, 22 @ 2:23 pm

31. Suburban Mom winning today. Thanks for all the info. Our children will grow to live in a world where identity theft isn’t about the compromise of social security number or your bank account info, but will happen through the theft of biometric data, which cannot be changed. BIPA is a strong tool against that future, and weakening its protections would be the wrong move.

    Comment by Oxfordian Wednesday, Jun 22, 22 @ 3:49 pm

32. ==where nobody’s information was breached or misused==

    Maybe don’t collect it at all? Maybe these companies need to re-evaluate why they need it.

    Comment by Demoralized Wednesday, Jun 22, 22 @ 4:34 pm

33. Another law passed in Illinois that leads the nation in responding to new challenges

    Comment by walker Wednesday, Jun 22, 22 @ 5:21 pm

34. Just want to add one additional thing to the great post from Suburban Mom. Any company involved with biometrics has some kind of global presence and is already doing this for GDPR. The data protection tools today allow instant application of data protection rules. If your complaining about it it’s because your cheap or lazy.

    Comment by ITEngineer Wednesday, Jun 22, 22 @ 8:29 pm

Add a comment

Sorry, comments are closed at this time.

Previous Post: Today’s quotable
Next Post: Crypto industry boosts spending for CD1 Jonathan Jackson above a million dollars so far

Last 10 posts:

• SUBSCRIBERS ONLY - Another supplement to today’s edition (05-15)
• Isabel’s afternoon briefing (05-15)
• SUBSCRIBERS ONLY - Issue poll (05-15)
• Question of the day (05-15)
• Poll: Johnson disapproval at 57 percent, approval at 28 percent (05-15)
• Rides For Moms Provides Transportation To Prenatal Care (05-15)
• It’s just a bill (05-15)
• Caption contest! (05-15)
• Isabel’s morning briefing (05-15)
• Vote YES On IHA’s Legislation To Address Unnecessary Care Denials By Medicaid MCOs (05-15)

more Posts (Archives)

WordPress Mobile Edition available at alexking.org.

powered by WordPress.