Bill filed to loosen liability for IL digital privacy law

SPRINGFIELD, Ill. (WCIA) — Illinois has some of the country’s strictest digital privacy protections, leaving some employers concerned about costly lawsuits in an ever-changing digital landscape. A new bill aims to adjust these laws and loosen the liability for small business owners.

The Biometric Information Privacy Act states that private entities must get consent before collecting biometric information. Businesses in violation of this can be ordered to pay hefty damages for each instance where this information is collected, even if it is the exact same information being collected repeatedly.

For example, some businesses use digital fingerprinting systems to clock in and out. If the employee did not give the business documented permission to collect those fingerprints, each clock-in could be considered a violation of BIPA and lead to a minimum of $1,000 in damages per fingerprint scan.

Due to the law, Meta paid Illinois users more than half a billion dollars in 2020 for using facial recognition technology on Facebook. That lawsuit is just one of more than 1,500 lawsuits filed under the law, mostly affecting small businesses.

State Senator Bill Cunningham (D-Chicago) has proposed amending BIPA with a new bill in hopes of shielding employers from these heavy repercussions.

“Given the rash of cybersecurity breaches we hear about, Illinoisans should be proud that we have arguably the strongest digital privacy laws in the nation. However, our laws have not kept up with changes in technology, which has left some small businesses facing overwhelming financial liabilities,” Cunningham said. “[The law] will keep the current privacy restrictions in place and hold violators accountable, as well as ensure businesses are not unfairly punished for technical violations of the law.”

With Cunningham’s proposal, BIPA violation claims against a company would be limited to a per-person basis, rather than a per-collection basis. In other words, all those fingerprints from the aforementioned timekeeping example — or any other biometric information from a singular employee — would only amount to one violation.

The bill comes after the Illinois Supreme Court ruled 4-3 last year in Cothron vs. White Castle that the law as written has a per-collection basis for biometric data. Justices in the majority opinion wrote that lawmakers should clarify BIPA “regarding the assessment of damages” and said the policy concerns should be solved by the legislature, not the court.

Industry leaders in the state also warned the law could have severe economic consequences because of the ruling.

“Dozens of legislative proposals to update BIPA have been offered in recent years, but most of those efforts have attempted to remove or narrow privacy protections that have been embedded in the law,” Cunningham said. “SB 2979 does not take that approach. Rather, it puts a common-sense formula in place to determine the amount of financial damages that must be paid for violations of the act.”

The bill would also allow electronic signatures as a legal way for a person to give a company permission to collect their biometric information.