EPIC Tells Court Not to Weaken Enforcement of Illinois Biometric Privacy Law
June 7, 2021
EPIC has filed an amicus brief in Cothron v. White Castle, a case about when violations of Illinois's Biometric Information Privacy Act ("BIPA") can be vindicated in court. Cothron alleges that White Castle collected and disclosed her fingerprints for a decade in violation of BIPA. White Castle is trying to scuttle the case, claiming that an individual is only able to sue the first time a company violates their BIPA rights because it is only then that an individual "loses control" of their biometric data and suffers a legal injury. White Castle argues that, even if the company continued to violate BIPA to this day, they shouldn't be held liable because the first violation was long enough ago that it falls outside the statute of limitations. But the Illinois Supreme Court held in Rosenbach v. Six Flags that every violation of BIPA confers the right to sue. The district court accordingly rejected White Castle's argument, but certified the question to a federal appeals court. EPIC filed an amicus brief in the appeals court and argued that White Castle's proposed rule would effectively "overrule the Illinois Supreme Court on a question of state law" by attempting "to import arguments about Article III standing into the BIPA statutory injury analysis." EPIC also argued that White Castle is "mistaken about the underlying purpose of BIPA" and that White Castle's rule "would in fact undermine BIPA’s purposes" because it "would remove the key incentive for companies who previously violated BIPA to come into compliance, adopt responsible biometric data practices, and seek informed consent." EPIC has filed amicus briefs in other BIPA cases, including Rosenbach v. Six Flags and Patel v. Facebook, and regularly participates as amicus in cases concerning the right to sue for privacy violations.