Illinois changes biometric privacy law to help corporations avoid big payouts

Enlarge (credit: Getty Images | imaginima)

Illinois has changed its Biometric Information Privacy Act (BIPA) to dramatically limit the financial penalties faced by companies that illegally obtain or sell biometric identifiers such as eye scans, face scans, fingerprints, and voiceprints.

The 2008 law required companies to obtain written consent for collection or use of biometric data and allowed victims to sue for damages of $1,000 for each negligent violation and $5,000 for each intentional or reckless violation. But an amendment enacted on Friday states that multiple violations related to a single person’s biometric data will be counted as only one violation.

The amendment, approved by the Illinois Legislature in May and signed by Gov. J.B. Pritzker on August 2, provides “that a private entity that more than once collects or discloses a person’s biometric identifier or biometric information from the same person in violation of the Act has committed a single violation for which the aggrieved person is entitled to, at most, one recovery.”