| Almeida Law Group Almeida Law Group consumer protection lawyer
| Almeida Law Group Almeida Law Group consumer protection lawyer

practice areas

Illinois’ Biometric Information Privacy Act (BIPA)

Enacted in 2008, the Illinois Biometric Information Privacy Act (BIPA) seeks to protect the privacy of individuals’ biometric data, such as their fingerprints, facial recognition data, retina scans, voiceprints and other unique biological characteristics. The law establishes strict rules regarding how companies and organizations can collect, use, store and share biometric information.

BIPA is one of the most stringent biometric privacy laws in the United States and has been invoked in numerous class action lawsuits.

The scope of the law includes collection of biometric data on social media sites and Artificial Intelligence applications that may be harvesting your biometric data without your knowledge.

Unlike similar biometric laws in other states, Illinois’s BIPA provides for a private right of action, meaning that individuals (and their attorneys) play an important role in enforcing the law by bringing BIPA claims so that companies do not unlawfully collect the biometric data of Illinois residents.

Key Provisions of BIPA include:

  1. Informed Consent: Companies must obtain explicit consent from individuals before collecting their biometric data. The consent must specify the purpose of the data collection and how long the data will be stored.
  2. Written Policy: Organizations must have a publicly available written policy that details their practices for storing, using, and protecting biometric information.
  3. Data Security: There are requirements for safeguarding biometric data to prevent unauthorized access, disclosure, or use.
  4. No Selling or Leasing: BIPA prohibits the sale, lease, or disclosure of biometric data to third parties unless explicitly authorized by the individual.
  5. Right to Delete Data: Individuals have the right to request that their biometric data be deleted when it is no longer needed for the purpose for which it was collected.

 

Who is Protected Under BIPA?

Under BIPA, any individual whose biometric data is collected, used, stored, or shared in Illinois is protected by the law. This includes:

  1. Illinois Residents: The law applies to individuals who are residents of Illinois, regardless of where the data is being collected.
  2. Any Person Whose Biometric Data is Collected in Illinois: The law also applies to individuals who may not be Illinois residents but have their biometric data collected while they are physically present in Illinois. This means that visitors to the state are also covered if they provide their biometric information during their time in Illinois.

 

What Constitutes a BIPA Violation?

A BIPA violation occurs when a company or organization fails to comply with the specific provisions set forth in the act. The most common ways companies violate BIPA include:

  • Employers using biometric time clocks, by using employee’s fingerprints, eye retinal scan or facial recognition scan, without their consent.
  • Social media platforms scanning photos for facial recognition without permission.
  • Retailers or service providers using biometric authentication without informing users.
  • Companies that use facial recognition cameras, particularly for security and anti-theft.

 

What Are the Penalties for a Violating BIPA?

BIPA imposes significant financial penalties for non-compliance as violators can face fines of:

  • $1,000 per violation for negligent violations and
  • up to $5,000 per violation for intentional or reckless violations.

 

High-Profile BIPA Cases

  • Rosenbach v. Six Flags Entertainment Corp.: Illinois Supreme Court ruled that a violation of BIPA, even without actual harm, is enough to allow a person to file a lawsuit. The case was sent back for further proceedings.
  • Santana v. Take-Two Interactive Software, Inc.: The case was settled in 2020 with Take-Two agreeing to pay a significant sum to resolve claims that its use of biometric data in video games violated BIPA.
  • In re Facebook Biometric Information Privacy Litigation: Facebook settled the class action for $650 million in 2020, with the company agreeing to provide compensation to users whose biometric data was used for facial recognition without consent.
  • Biometric Information Privacy Litigation v. Shutterfly, Inc.: The case settled, with Shutterfly agreeing to pay $1.2 million to resolve claims related to the unauthorized collection and use of biometric data for facial recognition.
  • Cothron v. White Castle System, Inc.: The court ruled in 2021 that White Castle could face continuous violations under BIPA, but the case is still in progress with potential for significant damages depending on the number of violations. The Illinois legislature amended BIPA as a result, but courts are split on if those amendments apply retroactively.

 

How Almeida Law Group Helps Victims of BIPA Violations

Law firms play a vital role in helping victims of BIPA violations by offering legal services and expertise in navigating complex biometric data privacy issues. Here are some of the ways Almeida Law Group assists victims:

  • Identifying Violations: We can assess whether a company has violated BIPA by collecting, storing or using biometric data without proper consent, notice or compliance with the law.
  • Filing & Litigating Lawsuits: We file class action lawsuits on behalf of individuals or groups of affected people by which we often seek statutory damages which, under BIPA, range from $1,000 per violation (for negligent violations) to $5,000 per violation (for willful violations). We help victims recover these damages on a per-instance basis, allowing victims to seek compensation even without having to prove actual harm.
  • Ensuring Data Destruction Compliance: We may assist in ensuring that companies are properly destroying biometric data after consent is revoked or after the required retention period ends, as mandated by BIPA.

 

BIPA Cases in which Almeida Law Group is serving as Lead or Co-Lead Counsel:

  • Aragon v. Weil Foot & Ankle Institute LLC, 2021-CH-01437 (Cook County Cir. Ct.) (co-lead counsel in BIPA class action, settled on a class-wide basis)
  • Bore v. Ohare Towing Systems Inc., 2020-CH-02865 (Cook County Cir.) (co-lead counsel in BIPA class action, final approval granted)
  • Daichendt v. CVS Pharmacy Inc., 1:22-cv-03318 (N.D. Ill.) (co-counsel in BIPA class action)
  • Vargas v. Cermak Fresh Market Inc., 2020-CH-06763 (Cook County Cir. Ct.) (co-counsel in BIPA class action)
  • Karling v. Samsara Inc., 1:22-cv-00295 (N.D. Ill.) (co-counsel in BIPA class action)
  • Stegmeyer v. ABM Industries Incorporated, et al., 1:24-cv-00394 (N.D. Ill.) (co-lead counsel in biometric class action)
  •  

Contact us for a free case evaluation

Your use of this site and the information provided here is not intended to create and does not create an attorney client relationship with the Almeida Law Group and/or attorneys employed by the Firm. No attorney client relationship is intended or created unless and until an engagement agreement is signed by all relevant parties. The contents of this site constitute attorney advertising and not legal advice; therefore you should not act or rely upon any information contained herein, and should always seek the advice of an attorney.

Resourceful. Resilient. Relentless.

Contact us today to get the justice you and your family deserve.

contact us today
Almeida Law Group consumer protection lawyer
HOME  /  ABOUT US  /  INVESTIGATIONS  /  DIVERSITY  /  CONTACT / PRIVACY POLICY
  • CHICAGO OFFICE: (708) 529-5418
  • SACRAMENTO OFFICE: (916) 241-3568
Ⓒ 2025 Almeida Law Group. All Rights Reserved.
| Almeida Law Group Almeida Law Group healthcare whistleblowers