The Privacy Class Action Review - 2023 - Report - Page 18
Second, the landscape of privacy litigation remains very much in flux. In these class
actions to date, the plaintiffs’ bar primarily has alleged on behalf of employees and/or
consumers that companies improperly collected their biometric data for a host of
functions, such as to enhance their timekeeping systems, to promote their security, to
increase employee productivity, to enhance their sales, or to facilitate consumer
transactions.
In response to these lawsuits, employers have mounted a litany of defenses, some of
which remain untested or unsettled. Some of these defenses surround: (i) the accrual of
the statute of limitations for purposes of starting the clock; (ii) whether each allegedly
unlawful scan or collection of data constitutes a discrete violation; (iii) whether biometric
data was actually collected, used, or stored; (iv) whether exemptions related to health
care providers apply; and (v) whether and to what extent alleged violations occurred in
Illinois for purposes of satisfying extraterritoriality limitations. Courts are starting to
consider these defenses, contributing to a patch-work quilt of rulings in 2022 that are
likely to prompt additional litigation and uncertainty.
The plaintiffs’ bar is also bringing novel BIPA class actions under evolving case
theories, including lawsuits alleging surveillance claims, voiceprint claims, and privacy
17
© Duane Morris LLP 2023
Duane Morris Privacy Class Action Review – 2023
