Publication
2nd Circuit defers to executive will on application of sovereign immunity
The Second Circuit recently held that federal common law protections of sovereign immunity did not preclude prosecution of a state-owned foreign corporation.
United States | Publication | September 2021
The Seventh Circuit heard oral argument on September 14, 2021, in Cothron v. White Castle System, Inc., No. 20-3202, a case that has the potential to convert a violation of the Illinois Biometric Information Privacy Act ("BIPA") into a business-shuttering offense—without any demonstration of actual injury to the plaintiff. While the case raises substantial equitable and constitutional questions, which were addressed in the briefing submitted by White Castle and its amici, the oral argument focused largely on whether the Seventh Circuit should address the issue before it or, instead, certify the question to the Supreme Court of Illinois. The latter proposition has many businesses feeling anxious because the last time the Illinois Supreme Court considered a major question regarding BIPA's construction, it adopted a broad reading that opened the floodgates to class action litigation under the statute. For businesses with operations in Illinois that use biometric technology, this case is an important one to watch.
Under BIPA, which was enacted in 2008, businesses must comply with certain statutory requirements in connection with the collection, use, or disclosure of biometric identifiers or information (e.g., through finger scans or facial recognition technology). These statutory requirements include providing specific disclosures and obtaining a written release from any individual prior to collecting that person's biometric information. See 740 ILCS § 14/15(b). In addition, BIPA specifies requirements that must be satisfied in order for an entity to disclose a person's biometric information. See id. § 14/15(d). "Any person aggrieved by a violation of" BIPA may bring an action to recover US$1,000 or actual damages for a negligent violation, US$5,000 or actual damages for an intentional or reckless violation, reasonable attorneys' fees and costs, and injunctive relief. See id. § 14/20.
In the first decade after BIPA's enactment, the statute was not heavily litigated. Then, in 2019, in Rosenbach v. Six Flags Entertainment Corp., 129 N.E.3d 1197 (Ill. 2019), the Illinois Supreme Court considered what it means to be "aggrieved" under the statute and determined that a "violation [of the statute], in itself, is sufficient to support the individual's or customer's statutory cause of action." Rosenbach, 129 N.E.3d at 1206. Following this decision, courts were flooded with BIPA class actions driven by the lure of potentially massive liquidated damages based on a purely statutory violation, even without any actual harm.
In Cothron, BIPA's construction is once again at issue. This time, the question is whether a BIPA violation accrues only once, upon the first non-compliant collection or disclosure of biometric information, or whether each subsequent collection or disclosure constitutes a separate violation under the statute. For example, if an employer fails to get a BIPA-compliant written release from an employee prior to the employee's first use of a finger-scan timeclock system, does the violation accrue upon the employee's first finger-scan, or is there a separate violation each time the employee scans his or her finger to clock in or out of work?
The district court held that each biometric scan constitutes a discreet violation of the statute subject to its own liquidated damages. Under this holding, if an employer uses a finger-scan timeclock system, each individual scan could constitute a separate violation of the statute subject to liquidated damages of up to US$5,000. If this reading stands, the potential damages, particularly in a class action, could be astronomical, thereby rendering the statute purely punitive, contravening its remedial purpose, and raising significant due process concerns.
Although counsel for White Castle previewed the merits of these arguments, the panel quickly focused on whether the Illinois Supreme Court should have an opportunity to address this issue of statutory interpretation. Judge Frank Easterbrook, in particular, signaled that such an approach may be warranted, noting that BIPA cases are generally removed under the Class Action Fairness Act, thereby preventing the issue from reaching the state's highest court. White Castle argued that certification was inappropriate because resolution of the issue would merely require the Court to apply state law accrual principals, which it does regularly. Ms. Cothron's counsel, on the other hand, welcomed certification of the issue, if the Court were disinclined to uphold the district court's ruling.
While the ruling in this action may have broad-reaching effects on litigation in this space, the Illinois General Assembly may take action that will moot its outcome. Earlier this year, Illinois lawmakers introduced HB 559, a bill that would, among other things, narrow the definition of biometric information and identifiers, implement a 30-day notice-and-cure period, and make liquidated damages available only upon a showing of a willful violation. A separate bill, HB 560, would eliminate the private right of action entirely, in favor of enforcement by the Illinois Department of Labor or Attorney General. Prior attempts to amend BIPA, however, have been unsuccessful (see, e.g., SB 2134 (2019)), and HB 559 and 560 have drawn significant opposition from a number of sources, including the Illinois ACLU and organized labor.
This time may be different, however. As the global COVID-19 pandemic has led to unprecedented adoption of remote work, learning, court appearances, and various other human interactions, the use of video technology has been widely adopted. Indeed, the Seventh Circuit conducted oral argument in Cothron virtually by remote video conferencing technology. With the increased use of such technologies, a new wave of opportunistic BIPA lawsuits has emerged, including cases that target universities that have adopted remote exam proctoring software. These actions allege that the software, which enables remote test-taking without a proctor, gathers students' biometric information, such as facial recognition data, voice data, and gaze monitoring data, without complying with BIPA's statutory disclosure and written release requirements. Perhaps faced with these current realities, the Illinois General Assembly will be prepared to move forward with the amendments that have previously failed. Alternatively, the changed landscape and tidal wave of litigation following Rosenbach may encourage the Illinois Supreme Court to adopt a more narrow construction if tasked with deciding the issue in Cothron.
Publication
The Second Circuit recently held that federal common law protections of sovereign immunity did not preclude prosecution of a state-owned foreign corporation.
Publication
Facing the fast-growing development of AI across the globe, particularly Generative AI (GenAI), the G7 competition authorities and policymakers (Canada, France, Germany, Japan, Italy, the UK and the US) and the European Commission met in Italy on 3-4 October 2024 to discuss the main competition challenges raised by these new technologies in digital markets.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023