The Privacy Class Action Review - 2023 - Report - Page 24
was successful and allowed to bring her claims on behalf of as many as 9,500 current
and former White Castle employees, class-wide damages in her action may exceed $17
billion. Once again, the Supreme Court rejected White Castle’s argument, holding that
the statutory language was clear and supported plaintiff’s position. See id. ¶ 40.
(citations omitted).
Importantly, however, the Supreme Court acknowledged that trial courts could exercise
their discretion to reduce the amount of statutory damages that plaintiffs can recover. Id.
¶ 42. In closing, the Supreme Court reiterated the position that White Castle’s “policybased concerns about potentially excessive damage awards under the Act are best
addressed by the legislature,” and it “suggest[ed] that the legislature review these policy
concerns and make clear its intent regarding the assessment of damages under the
Act.” Id. ¶ 43. Accordingly, the Illinois Supreme Court concluded that the plain language
of §§ 15(b) and 15(d) shows that a claim accrues under the BIPA with every scan or
transmission of biometric identifiers or biometric information without prior informed
consent.
Notably, three Illinois Supreme Court Justices, including Chief Justice Theis, joined the
Dissenting Opinion. Of note, the Dissent opined that two significant consequences
militate against the majority’s construction. Id. ¶ 60. First, under the majority’s rule,
plaintiffs would be incentivized to delay bringing their claims as long as possible, since
“If every scan is a separate, actionable violation, qualifying for an award of liquidated
damages, then it is in a plaintiff’s interest to delay bringing suit as long as possible to
keep racking up damages.” Id. Second, the Dissent noted that, “the majority’s
construction of the Act could easily lead to annihilative liability for businesses.” Id. ¶ 61.
In sum, the Dissent commented that, “Imposing punitive, crippling liability on businesses
could not have been a goal of the Act, nor did the legislature intend to impose damages
wildly exceeding any remotely reasonable estimate of harm. Id. ¶ 63. To this point, the
Dissent opined that, “nothing in the Act indicating that the legislature intended to impose
cumbersome requirements or punitive, crippling liability on corporations for multiple
authentication scans of the same biometric identifier. The legislature’s intent was to
ensure the safe use of biometric information, not to discourage its use altogether.”
Following the Illinois Supreme Court’s similar pro-plaintiff ruling in Tims v. Black Horse
Carriers, 2023 IL 127801 (Ill. Feb. 2, 2023), which applied a five-year statute of
limitations to the BIPA instead of a one-year statute of limitations, the well is beginning
to dry for businesses in terms of potential BIPA class action defenses. While employers
can still explore novel exemptions, such as information captured from a patient in a
health care setting, most companies caught in the crosshairs of BIPA class actions will
be facing monumental amounts of potential damages.
Businesses confronted with BIPA class actions may need to explore alternative
potential defenses, such as the constitutionality of the overbearing damages thresholds.
Companies will also likely push for legislative changes. Nonetheless, given the bleak
outlook of the law as it stands, it is imperative for businesses to immediately ensure
23
© Duane Morris LLP 2023
Duane Morris Privacy Class Action Review – 2023
